Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Mar 2006 05:16:53 +0000
From: "hadzijj qwerty" <hadzijj@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

>On Sat, Mar 11, 2006 at 04:46:04AM +0000, hadzijj qwerty wrote:
> > In the meantime I found another thing that I'd like to ask about. You 
>wrote
> > about letter "M" that john didn't check if it's lower or upper-case. So
> > when it will finish looking for the first 7 chars of my password will 
>their
> > case be unknown as well?
>
>Yes.  The case of characters is unimportant for determining whether a
>given Windows password is weak or not.
>
>However, if you're cracking those passwords for another purpose, you may
>apply the unofficial NTLM hashes support patch to John, then have it
>guess the proper case of characters in passwords it would have cracked
>based on LM hashes.
>
>JtR 1.7 includes the following hack in the default john.conf:

[..]

Thanks.

> > $ dpkg -l | grep john
> > ii  john                       1.6-39                         active
> > password cracking tool
> >
> > It looks that my debian would like to argue with you :)
>
>No, everything is in agreement now.  You've been using version 1.6-39 of
>the Debian package (which is Debian's 39th revision of the package of
>John 1.6), not John version 1.6.39.  Those two are entirely different
>versions.

I haven't known that :)

Thanks a lot,
Hadzij

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ