Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 15 Jul 2015 23:04:50 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Default attack format

On Wed, Jul 15, 2015 at 07:22:43PM +0300, Aleksey Cherepanov wrote:
> On Wed, Jul 15, 2015 at 10:48:41AM -0400, jfoug@....net wrote:
> > ---- Aleksey Cherepanov <lyosha@...nwall.com> wrote: 
> > > I think --show=types could do the job: the first format in the first
> > > line with 1+ formats listed is the default one. But it is in jumbo
> > > only.
> > 
> > That really gives you no information.  It is all in the valid() return (with a prepare).  Only knowing the format names does not allow you to know if a line is valid within that format.   It is all within the actual logic OF the format itself.   Since there is no API into john exposing the format array, there really is no way to know ATT without allowing john to run on the file.
> 
> --show=types uses a loop similar to loader's loop, i.e. it calls
> prepare() and valid(). There are only a few differences: it does not
> stop with 1 format, also it enforces dynamic_allow_rawhash_fixup after
> the first line (I think dynamics reset it when there is no bare hash
> on the first line). Of course, loader might be changed since
> --show=types implementation so more differences might be introduced.
> 
> I guess it is not easy to distinguish when dynamic_allow_rawhash_fixup
> affected --show=types.
> 
> Nevertheless in simple cases, it works as I said:

--show=types approach would be easy to implement in Johnny because
Johnny calls --show=types opening a file. On the other hand, core
would not be supported. So --show=types is not the best solution.

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.