Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150715144302.GB3624@openwall.com>
Date: Wed, 15 Jul 2015 17:43:02 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Default attack format

On Wed, Jul 15, 2015 at 04:33:57PM +0200, magnum wrote:
> On 2015-07-15 16:00, Shinnok wrote:
> >Is there a method to find out which format will John attack by
> >default for a given password file, for either core or jumbo? We are
> >in the process of sorting out the format confusion for Johnny and we
> >need to figure out what to do for the default format case.
> >
> >https://github.com/shinnok/johnny/issues/61
> 
> I believe the ultimate answer is "the first format that was registered [as
> in fmt_register()] who's valid() doesn't reject all hashes in the file".
> 
> For example, LM and various NT alternatives will accept hashes in pwdump
> format. LM is registered before NT, so LM wins. I think this is true even
> for files that eg. contain both LM and NT and where all uncracked ones are
> the latter. It will still pick LM, and say all (of them) were cracked.
> 
> The output of --list=formats is currently in register order.
> 
> However, what you need is more like a pre-diagnose for a given file. Not
> sure how you should go about that. There are workarounds: For example,
> background a `john -stdin hashfile <<< ""` and track the output. This has
> the side-effect you will never miss to crack an empty password.

I think --show=types could do the job: the first format in the first
line with 1+ formats listed is the default one. But it is in jumbo
only.

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.