Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 24 Mar 2012 16:07:44 +0100
From: magnum <>
Subject: Re: [JtR patch] Fast cracker for Mozilla Firefox, Thunderbird
 and SeaMonkey master passwords.

On 03/24/2012 02:26 PM, Dhiru Kholia wrote:
> On Sat, Mar 24, 2012 at 5:50 PM, Dhiru Kholia <> wrote:
>> On Sat, Mar 24, 2012 at 5:46 PM, magnum <> wrote:
>>> On 03/24/2012 01:12 PM, magnum wrote:
>>>> BTW Dhiru, I also tried the format on a db without a master password
>>>> set. This was not detected and apparently this is not the same as a
>>>> nullstring password so john started to try cracking and will prbably
>>>> never succeed. Is there a way you could detect this situation, maybe in
>>>> mozilla2john already?
> Can you try running the *new* mozilla2john (C version, patch attached)
> and see if it fixes the problem?

I can't reproduce the problem even with the old code. I think we should
ignore this for now, I may have done something wrong in my testing.

> Also, even if we disable "HAVE_NSS" in Makefile, mozilla2john symlink
> in run/ is created. Can we somehow avoid this?

Enclosed patch seems to do the trick.

I think the messages when not enabled (below) should include the fact
that you need to uncomment HAVE_NSS in Makefile. Also, the mozilla2john
warning could be completely muted IMHO - it's enough with one notice.
Alternatively, you could leave the mozilla_fmt warning as-is and change
the mozilla2john warning to say "If NSS is installed, you need to define
HAVE_NSS in Makefile"

mozilla_fmt.c:182:2: warning: #warning Note: Mozilla format disabled -
it needs NSS (and NSPR) installed [-Wcpp]
mozilla2john.c:59:2: warning: #warning Note: mozilla2john utility
disabled - it needs NSS (and NSPR) installed [-Wcpp]


View attachment "havenss.diff" of type "text/x-patch" (1384 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.