Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 25 Jun 2012 09:58:45 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: john --show

On Sun, Jun 24, 2012 at 07:19:39PM -0400, Brad Tilley wrote:
> Is the output of --show stable? Does it change often?

It's been stable so far.  It hasn't changed in the past 15 years, except
for wording in the cracked / left line and some subtleties in handling
of split hashes (bigcrypt, LM and the like).

> I plan to parse it
> and combine it with some policy checking routines I've written (minimum
> length, complexity checking, etc.) so when performing audits I can provide
> more details to the clients and managers receiving the reports. So rather
> than just showing, "yes, these user account passwords were cracked", I can
> show if the cracked account passwords met the existing password complexity
> policy, or not.

Sounds good.

A problem is that there's no escaping of colons that might be part of
passwords.  We'll need to add a new output mode to take care of that.

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ