Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Mar 2006 04:46:04 +0000
From: "hadzijj qwerty" <hadzijj@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

>I wrote, regarding a half-cracked LM hash:
> > >It's seven unknown (not yet cracked) characters followed by the part of
> > >the password that's been cracked (the "M" might be upper- or 
>lower-case,
> > >though - John does not check that).  At this point, it is known that 
>the
> > >password is exactly 10 characters long - and only the first 7 
>characters
> > >remain to be cracked.

In the meantime I found another thing that I'd like to ask about. You wrote 
about letter "M" that john didn't check if it's lower or upper-case. So when 
it will finish looking for the first 7 chars of my password will their case 
be unknown as well?

[..]

>The FAQ has this entry:
>
[..]
>
>
>Did this answer your question?

Yes. It's clear now.

>
>Also, the "48/64 4K" on that line suggests that you're using an old
>version of John (probably the 1.6 release).  You should be able to get
>much better performance at LM hashes by upgrading to version 1.7.

OK. I compiled and am using the latest version from your website currently 
:)

>
> > >Provided that you use the current version of John (1.7 or newer) and 
>you
> > >run the MMX build of it, you should get your full Administrator 
>password
> > >cracked reasonably soon (two weeks worst case for a modern CPU, but
> > >chances are that you'd get it cracked _much_ quicker - within hours).
> >
> > I have a version 1.6.39 under debian unstable.
>
>The output above does not match that of version 1.6.39, so that's not
>what you're using.

$ dpkg -l | grep john
ii  john                       1.6-39                         active 
password cracking tool

It looks that my debian would like to argue with you :)

>
> > Is version 1.7 much faster?
>
>Version 1.7 is several times faster than the 1.6 release at LM hashes.
>
>My advice is that you download the 1.7.0.1 tarball, compile it (with
>"make linux-x86-mmx" if you're on an x86 machine), and use that.

Thanks. I'm running 1.7 now.

Hadzij

_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar - get it now! 
http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ