Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Jul 2015 10:46:04 -0400
From:  <>
Subject: Re: Default attack format

---- magnum <> wrote: 
> On 2015-07-15 16:00, Shinnok wrote:
> > Is there a method to find out which format will John attack by
> > default for a given password file, for either core or jumbo? We are
> > in the process of sorting out the format confusion for Johnny and we
> > need to figure out what to do for the default format case.
> >
> >
> I believe the ultimate answer is "the first format that was registered 
> [as in fmt_register()] who's valid() doesn't reject all hashes in the file".

I answered on the github issue.  Actually, it is the first line at all that has a valid() which returns true from any format that is currently registered.  And yes, the valid() functions are called in the order that the formats were registered in john, if that first line has multiple formats which return true to valid()..  But it does not matter that valid() doesn't reject all hashes.    The 'default' hash may be for a single line in the file, where the entire rest of the file is of different hash types.

But having an outside tool be able to 'know' what the default is, most likely is not a good task to undertake.  That tool would have to know all of the formats that are registered in john, and their order, and also know all of the logic from all of the valid() and prepare() functions for all formats.   Currently there is no mechanism to 'know' this, other than running a very short test to see what john uses, THEN be able to show this and re-run john on the longer real run, but being able to either specify the default, or to know it for display reasons.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.