Date: Thu, 4 Aug 2011 01:40:01 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: issues with 1.7.8-jumbo-5

On Wed, Aug 03, 2011 at 11:23:51PM +0200, magnum wrote:
> On 2011-08-03 20:06, Solar Designer wrote:
> >On a linux-x86-64 build, I am getting a segfault when using --stdin
> >or --pipe along with a large NT hash file.  With a 100k entry file, the
> >segfault occurs before the very last password would be cracked.  With a
> >1M entry file, it appears to occur a bit sooner (occurs instantly when I
> >already have 900k+ of cracked hashes in john.pot).  Need to similarly
> >test -jumbo-4 to see if it's a new bug...
> 
> I could reproduce this:
> 
> 1. created an NT test file from the cp1251 lower.gz from openwall (93k 
> entries)
> 2. ran John against this file, using the rockyou list as dictionary
> 
> Segfault before one single hash was cracked. When I first tried it using 
> the same lower.gz as dictionary, all was good and everything was cracked.
> 
> Does not happen with jumbo-2 so this is likely something Jim introduced 
> when implementing -pipe. I hope it's an easy one, the -pipe option is 
> awesome!

For me, the problem occurs with -jumbo-5, but not with -jumbo-4, but on
the other hand -jumbo-4 somehow fails to crack one of 100k passwords
(maybe an error in the input file, though).

solar@owl:~/john/john-1.7.8-jumbo-5/run $ cut -d: -f5 ~/john/pw-fake-nt1m | ./john -stdin -fo=nt ~/john/pw-fake-nt100k
[...]
encloser         (u99997)
enclosers        (u99998)
encloses         (u99999)
Segmentation fault

solar@owl:~/john/john-1.7.8-jumbo-4/run $ cut -d: -f5 ~/john/pw-fake-nt1m | ./john -stdin -fo=nt ~/john/pw-fake-nt100k
[...]
encloser         (u99997)
enclosers        (u99998)
encloses         (u99999)
guesses: 99999  time: 0:00:01:07  c/s: 74665K  trying: agterneef - agterplase
Use the "--show" option to display all of the cracked passwords reliably
solar@owl:~/john/john-1.7.8-jumbo-4/run $ cut -d: -f5 ~/john/pw-fake-nt1m | ./john -stdin -fo=nt ~/john/pw-fake-nt100k
Loaded 100000 password hashes with no different salts (NT MD4 [128/128 X2 SSE2-16])
Remaining 1 password hash
guesses: 0  time: 0:00:00:00  c/s: 1111K  trying: agterneef - agterplase

The pw-fake-nt100k file (gzip compressed) may be downloaded from:

http://openwall.info/wiki/john/sample-hashes

(scroll down to the end of this wiki page)

Alexander
