Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 16:38:39 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Judy array

On Mon, Sep 21, 2015 at 06:18:34AM -0700, Fred Wang wrote:
> Here go (you know you can run mdxfind too - I won't be offended :-)
> 
> https://www.sendspace.com/file/v04opu

Thanks.  I am still looking into the crack count discrepancy, but it's
immediately apparent that MDXfind misreports many cracked passwords, in
one of two ways: some are truncated, and some are unnecessarily reported
in $HEX[] form with a NUL byte in them and garbage (leftover from
another candidate password?) after the NUL.

For example:

-000d76a73aba493c5bcc5c7c8528b568:1justice
+000d76a73aba493c5bcc5c7c8528b568:1just

-00010a8932c665aa7cb49aa5899adbd4:klarence
+00010a8932c665aa7cb49aa5899adbd4:$HEX[6b6c6172656e6365006265656b5f726f6e]

I've verified JtR's cracks (the "-" lines here) with "echo -n ... |
md5sum", and they are correct.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ