Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 May 2008 14:30:59 -0700 (GMT-07:00)
From: Richard Schlein <schlein1@...thlink.net>
To: john-users@...ts.openwall.com
Subject: Re: 15 characters

>> I don't know about 5.2 specifically, but I'd expect to see "bigcrypt"
>> there, which means that passwords longer than 8 characters are not
>> supported for real (rather, they're split in 8-character halves, which
>> JtR cracks separately - so there's no reason to have JtR try candidate
>> passwords of longer than 8 characters).  What does the "Loaded ..." line
>> say?  How many characters are there in encodings for your target hashes?

Do you know if Mac OS X 10.4.11 splits passwords into 8-character halves? I'm starting with a small test file where there are 48 characters in the encoding for the target hashes and the "Loaded..." line reads:

Loaded 2 password hashes with 2 different salts (Salt SHA1 [salt-sha1])

Thanks.

-----Original Message-----
>From: bofh <goodb0fh@...il.com>
>Sent: May 28, 2008 1:50 PM
>To: john-users@...ts.openwall.com
>Subject: Re: [john-users] 15 characters
>
>On Wed, May 28, 2008 at 4:31 PM, Solar Designer <solar@...nwall.com> wrote:
>
>> As you probably know, most root compromises occur by means other than
>> cracking a root password.
>>
>
>Yes.  At this point, this is more of a "I want to see it" than anything
>else.  It does not matter one bit to me because if I want root, I can give
>myself root, since I run the provisioning system :) :)
>
>
>> > How does JtR deal with two simultaneous sessions?
>>
>> Please refer to the FAQ:
>>
>
>Thank you very much.  I'm so embarrassed to admit that I actually did read
>it, but apparently it slipped my mind when I asked.
>
>> > Also, you've never mentioned the hash type you're dealing with, although
>> > > it is very relevant and might affect my advice.
>> >
>> > Whatever is the standard/default on aix 5.2.
>>
>> I don't know about 5.2 specifically, but I'd expect to see "bigcrypt"
>> there, which means that passwords longer than 8 characters are not
>> supported for real (rather, they're split in 8-character halves, which
>> JtR cracks separately - so there's no reason to have JtR try candidate
>> passwords of longer than 8 characters).  What does the "Loaded ..." line
>> say?  How many characters are there in encodings for your target hashes?
>>
>
>Loaded 347 password hashes with 176 different salts (Traditional DES
>[128/128 BS SSE2])
>
>Doesn't look like it's split into 8-character halves?  So, go make one to
>run from 9-12 characters then :)
>
>Thanks again!
>
>
>
>
>-- 
>http://www.glumbert.com/media/shift
>http://www.youtube.com/watch?v=tGvHNNOLnCk
>"This officer's men seem to follow him merely out of idle curiosity." --
>Sandhurst officer cadet evaluation.
>"Securing an environment of Windows platforms from abuse - external or
>internal - is akin to trying to install sprinklers in a fireworks factory
>where smoking on the job is permitted." -- Gene Spafford
>learn french: http://www.youtube.com/watch?v=j1G-3laJJP0&feature=related


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.