Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 9 Sep 2005 04:40:38 +0400
From: Solar Designer <>
Subject: Re: Definitely getting false positives


On Tue, Sep 06, 2005 at 10:47:56AM -0600, Stephen Cartwright wrote:
> I am definitely getting some false positives. There are some passwords that 
> do not work. 
> The password file is up to date and the accounts are enabled. 

We had proceeded to discuss this with Stephen via private e-mail and
I've found the bug.  Yes, there was a bug in the loader introduced with where "john --show" would report split hashes with the last
piece not yet cracked as if they were fully cracked.

The fix is available here:;r2=1.5

This affects bigcrypt/crypt16 and LM hashes.

I would like to once again thank Stephen for reporting the problem and
providing the necessary information to reproduce it and fix the bug.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ