Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Dec 2006 18:48:40 -0700
From: "Olivier Meyer" <roguefugu@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: is it allowed to ask help to crack 1 or 2 HASH in this list ?

I agree with the fact that if someone cracks a hash, they probably
will not return the password. However, if people are allowed to submit
hashes, it should be on another mailing list, so people who want to
use their cpu cycles to crack someone else's hash can do so, and so
people who do not want to read about this do not have to.

On 12/28/06, Russell Fulton <r.fulton@...kland.ac.nz> wrote:
>
>
> Solar Designer wrote:
> > Oh, I've actually rejected a posting with an excerpt from a likely
> > stolen password file with some easily crackable hashes.  The message
> > claimed that those hashes were hard to crack, which was not true.  What
> > do others think - should this kind of postings be allowed, too, such as
> > to provide test material (although there's plenty of it available with
> > Google if you use the right keywords)?  Should the moderators bother to
> > check whether the hashes are in fact not trivial to crack before
> > accepting or rejecting a posting?  I certainly don't expect to always
> > have the time for that.
> >
> The posting of hashes for others to crack is obviously open to abuse.  I
> don't have strong feelings about whether or no the list should allow
> such posts bit admit that the feelings that I do have lean towards
> saying  no.  My main reason for this is that I really don't see what use
> these posts are to anyone and I certainly agree with the poster who said
> that if they ever cracked any hash posted here they would never return
> the result.
>
> I do feel (quite strongly) that if the list does accept hashes then we
> should accept all hashes.  As Solar says the moderators won't always
> have time to check that hashes posted are indeed difficult to crack.  If
> we start screening hashes then an expectation is established that
> screening will take place -- this could theoretically have legal
> implications if some trivial stolen hashes were posted here, not checked
> by the moderators and subsequently broken and then used.  It could be
> argued that the moderators where negligent.
>
> Russell
>
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>
>


-- 
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ