Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 6 Oct 2005 04:51:36 +0400
From: Solar Designer <>
Subject: Re: Newbie question on jtc show

On Wed, Oct 05, 2005 at 09:22:23PM +0400, Solar Designer wrote:
> On Wed, Oct 05, 2005 at 11:55:55AM -0500, Shashank Khanvilkar wrote:
> > #>john -show passwd.2
> > Administrator:???????:500:31d6cfe0d16ae931b73c59d9e0c089c0:::
> > Guest:???????:501:31d6cfe0d16ae931b73c59d7e0c089c0:::
> > --SNIP--
> > 
> > what do these "???" signify
> John uses the question marks to indicate uncracked portions of
> partially-cracked passwords.  However, in your case this appears to be a
> bug in the version of John you're using.  What version was that?

This was determined to be a bug in John 1.6 ("stable") in that it fails
to properly detect LM hashes of empty passwords when those hashes are
encoded with lowercase characters.  I believe the original PWDUMP used
all-uppercase characters.

This has been corrected shortly after John 1.6 release...  Yes, it's
high time I put out a John 1.7.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ