Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 15 Jul 2015 10:46:04 -0400
From:  <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: Default attack format


---- magnum <john.magnum@...hmail.com> wrote: 
> On 2015-07-15 16:00, Shinnok wrote:
> > Is there a method to find out which format will John attack by
> > default for a given password file, for either core or jumbo? We are
> > in the process of sorting out the format confusion for Johnny and we
> > need to figure out what to do for the default format case.
> >
> > https://github.com/shinnok/johnny/issues/61
> 
> I believe the ultimate answer is "the first format that was registered 
> [as in fmt_register()] who's valid() doesn't reject all hashes in the file".

I answered on the github issue.  Actually, it is the first line at all that has a valid() which returns true from any format that is currently registered.  And yes, the valid() functions are called in the order that the formats were registered in john, if that first line has multiple formats which return true to valid()..  But it does not matter that valid() doesn't reject all hashes.    The 'default' hash may be for a single line in the file, where the entire rest of the file is of different hash types.

But having an outside tool be able to 'know' what the default is, most likely is not a good task to undertake.  That tool would have to know all of the formats that are registered in john, and their order, and also know all of the logic from all of the valid() and prepare() functions for all formats.   Currently there is no mechanism to 'know' this, other than running a very short test to see what john uses, THEN be able to show this and re-run john on the longer real run, but being able to either specify the default, or to know it for display reasons.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.