Date: Wed, 21 Dec 2005 14:06:57 +1100
From: "David Luyer" <david@...er.net>
To: <john-users@...ts.openwall.com>
Subject: RE: john improvement suggestions
> First of all, thank you for your suggestions - and thank you for posting
> them in here rather than sending them to me privately. :-)
>
> On Mon, Dec 19, 2005 at 09:48:30PM +0000, Radim Horak wrote:
> > 1. Bugs and annoyances
> > - I have passwords (Traditional DES) from some old linux box, that are longer
> > than 16 chars, ie. consist of 3 hashes (crypt24?). John ignores such passwords
> > completely. I have tested them by manually cutting them. The 3rd hash uses salt
> > from the beginning of 2nd hash as 2nd hash uses the salt from beginning of the
> > 1st hash. I cannot provide the hashes nor I have access to that old linux box.
>
> Yes, this should be implemented, but I wanted to see some samples from
> commercial Unices first:
>
> http://article.gmane.org/gmane.comp.security.openwall.john.user/165

From memory on OSF/1 (and thus Digital Unix/Tru64), this is simpler;
any password over 8 chars is stored as the two salt chars followed by
n x 11 characters, all using the same salt.

Cracking longer passwords may be more efficient than short ones in
this scheme, because:

- all the early segments are known to be 8 characters and share
  the same salt
- the end segment has a high probability of having less than
  8 characters (and for that matter less than 7)

So you can have one machine looking at all segments and using 8
characters, and another machine doing shorter passwords against
the final segments (and share the resulting john.pot entries
between the two).

David.
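
Added example, not part of the original message and not John the Ripper code: a splitter for the stored layout described above (two salt chars followed by n x 11 characters), producing one standalone 13-character traditional DES hash per segment for a password audit. It also covers the chained-salt variant from the quoted report; the function names, the "login.segN" labels and the sample string are assumptions made for illustration.

```python
import re

CRYPT_ALPHABET = re.compile(r"[./0-9A-Za-z]+")  # characters crypt(3) output uses

def split_long_des(stored, chained_salt=False):
    """Split '<2 salt chars><n x 11 chars>' into n standalone 13-char hashes.

    chained_salt=False: every segment reuses the leading salt (the layout
    recalled in the reply for OSF/1).
    chained_salt=True: segment k is salted with the first two characters of
    segment k-1's hash (the layout described in the quoted report).
    Returns a list of (hash13, is_final) tuples.
    """
    if not CRYPT_ALPHABET.fullmatch(stored):
        raise ValueError("characters outside the crypt(3) alphabet")
    body = stored[2:]
    if not body or len(body) % 11:
        raise ValueError("expected 2 salt chars followed by n x 11 chars")
    salt, count, out = stored[:2], len(body) // 11, []
    for i in range(count):
        block = body[i * 11:(i + 1) * 11]
        out.append((salt + block, i == count - 1))
        if chained_salt:
            salt = block[:2]  # next segment's salt comes from this hash
    return out

def partition_for_two_runs(login, stored, chained_salt=False):
    """Return (all_lines, final_lines) of 'login.segN:hash' entries.

    all_lines feeds the run that looks at every segment; final_lines feeds
    the separate run that targets only the possibly short last segment.
    """
    all_lines, final_lines = [], []
    segments = split_long_des(stored, chained_salt)
    for n, (hash13, is_final) in enumerate(segments, 1):
        line = f"{login}.seg{n}:{hash13}"
        all_lines.append(line)
        if is_final:
            final_lines.append(line)
    return all_lines, final_lines

# Constructed placeholder string (not a real hash): salt "ab" + 3 x 11 chars.
SAMPLE = "ab" + "CDEFGHIJKLM" + "nopqrstuvwx" + "01234567./Z"

if __name__ == "__main__":
    every, final = partition_for_two_runs("user1", SAMPLE)
    print("\n".join(every), "-- final segment only --", *final, sep="\n")
```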