Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 08:40:03 -0700
From: Fred Wang <waffle.contest@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Judy array


On Sep 21, 2015, at 7:43 AM, Solar Designer <solar@...nwall.com> wrote:

> Fred -
> 
> On Mon, Sep 21, 2015 at 05:07:51PM +0300, Solar Designer wrote:
>> There are 947 hashes that MDXfind cracked and JtR did not.  The
>> corresponding passwords are of at least 7 characters long (none are
>> shorter than 7).  No other obvious pattern yet.  I've tested a couple
>> against john --stdout for the same wordlist and rules, and they are not
>> in there, so at least for these two it's some discrepancy in the
>> candidates stream rather than in the hashing or comparisons.  One such
>> password is noimage.  A similar line in the wordlist is geoimagen,
>> although there are several other (not so) similar ones.  A rotate rule
>> might be producing noimage on MDXfind, but somehow not on JtR.
> 
> I figured this out.  You implement the 'x' command incorrectly.  You
> implement it as a "delete" command, but it is an "extract" command.
> 
> Maybe hashcat has the bug too, given that this rule from best64:


Yes, hashcat documents it as a "delete":


Delete range 	 xNM	 Deletes M characters, starting at position N 	 x02	 p@...0rd	 ssW0rd	 *

which is how I implemented it.   

I'm working on the other issue now - more shortly.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.