Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Dec 2006 11:14:31 +1300
From: Russell Fulton <r.fulton@...kland.ac.nz>
To: john-users@...ts.openwall.com
Subject: Re: is it allowed to ask help to crack 1 or 2 HASH in
 this list ?



Solar Designer wrote:
> Oh, I've actually rejected a posting with an excerpt from a likely
> stolen password file with some easily crackable hashes.  The message
> claimed that those hashes were hard to crack, which was not true.  What
> do others think - should this kind of postings be allowed, too, such as
> to provide test material (although there's plenty of it available with
> Google if you use the right keywords)?  Should the moderators bother to
> check whether the hashes are in fact not trivial to crack before
> accepting or rejecting a posting?  I certainly don't expect to always
> have the time for that.
>   
The posting of hashes for others to crack is obviously open to abuse.  I
don't have strong feelings about whether or no the list should allow
such posts bit admit that the feelings that I do have lean towards
saying  no.  My main reason for this is that I really don't see what use
these posts are to anyone and I certainly agree with the poster who said
that if they ever cracked any hash posted here they would never return
the result. 

I do feel (quite strongly) that if the list does accept hashes then we
should accept all hashes.  As Solar says the moderators won't always
have time to check that hashes posted are indeed difficult to crack.  If
we start screening hashes then an expectation is established that
screening will take place -- this could theoretically have legal
implications if some trivial stolen hashes were posted here, not checked
by the moderators and subsequently broken and then used.  It could be
argued that the moderators where negligent. 

Russell


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ