Date: Mon, 28 Jan 2013 22:16:29 -0500
From:  <jfoug@....net>
To: john-users@...ts.openwall.com
Cc: Solar Designer <solar@...nwall.com>
Subject: Re: can't get jtr to ID this

The changes to wpapsk_fmt.c (and .h??) were sent to magnum, and I thought he had put this into bleeding (and unstable?).

The wpapcap2john has not been released.  It is not 'done', but does work pretty well.  It was done using information from some 'how-to' tutorials on WPA cracking telling about which packets make up the 'proper' parts of the 4way, and using wireshark and aircrack-ng to show what parts of the packets were needed.

But I have seen firsthand, if the 4ways are multiple partials, mostly of the AP, with a few client parts thrown in, that aircrack-ng will often build hashes incorrectly, and also if trying to crack, it will never crack the hash.  In other words, it is NOT finding the proper 4-way.  I have also seen airodump-ng list that it captured a WPA-4way, when it has not captured a proper 4way.  I am not 100% sure this is the case (airodump-ng).

I will continue doing some testing, and get this into JtR 'proper' later.  Right now, the tool is standalone; it is NOT a spawn from JtR.

---- Solar Designer <solar@...nwall.com> wrote: 
> Jim -
> 
> On Mon, Jan 28, 2013 at 09:41:14PM -0500, jfoug@....net wrote:
> > I have tested this, with the most current version of wpapsk.  I did that version (CPU), giving it SIMD.
> 
> Is this some code you're working on that you have not even mentioned on
> john-dev, nor on GitHub?  We do need SIMD-enabled WPA-PSK CPU format,
> indeed.  It'd be a very welcome contribution from you.  I hope you'll
> bring it to the proper channels soon. :-)
> 
> > It cracks this just fine.
> 
> Great.  So basically you're saying that future versions will be immune
> from the bug reported here.  (And it appears that bleeding-jumbo is
> already OK anyway, per my testing.)
> 
> > I have also been working on a wpapcap2john which properly converts straight from pcap files, into jtr input.
> 
> Cool!  This is a very welcome contribution too.  Thank you!
> 
> Alexander
