Date: Mon, 3 Apr 2006 22:55:15 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John-the-ripper run on Trusted HP-UX

On Mon, Apr 03, 2006 at 09:39:24AM -0700, Greg Barry wrote:
> Everything works fine with john-the-ripper on the machine except when
> users set their passwords to greater than 8 characters.
>
> For these accounts, john always marks them as cracked with output like
> the following:
>
> guesses: 4 time: 0:00:52:13 c/s: 152516 trying: vx25 - vxs7
> Loaded 22 password hashes with 22 different salts (Traditional DES
> [32/32x8V BS])
> 03/31/06 11:31:15 $ (h0058:2)
> 03/31/06 11:31:15 7 (h0094:2)
> 03/31/06 11:32:30 11a (h0018:2)
> 03/31/06 11:35:16 3f (h0015:2)

(I am curious how you made it print timestamps here - a custom patch?
Was the information available in the log file insufficient?)

This is correct. This output means that John has successfully cracked
the endings of those passwords (characters past 8). For example,
h0058's password is 9 characters long and ends in a dollar sign. The
":2" after usernames means "second part of the password".

In general, you should not draw conclusions on what is cracked and what
is not based on the console output of a John cracking session. Instead,
you should be using "john --show".

There are other cases where there can be legitimate discrepancies
between the cracking session and "john --show" output. For example,
John might not load duplicate hashes for cracking - so it would only
report one of the affected usernames while cracking - yet "john --show"
would correctly report all of the usernames which share the cracked
hash.

The information recorded in john.pot and .log files is similar in
nature to the console output of a running session. Thus, "john --show"
is the only correct way to obtain the results of John cracking runs -
with the required post-processing of the data.

> Is there any way to configure john-the-ripper to support passwds greater
> than 8 characters on trusted HP-UX systems?

As you can see, John already supports those - with no need to configure
anything.

P.S. Modern PA-RISC systems are 64-bit, yet the hpux-* targets in John
are currently 32-bit only. Unfortunately, I don't possess a 64-bit
PA-RISC system. I'd be grateful if anyone would be willing to help add
the proper targets into John's Makefile (which should be trivial) and/or
test them. This should give an almost 2x speedup at DES-based hashes.

--
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful? Please give your feedback here: http://rate.affero.net/solar
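The post-processing the message describes, as an added example that is not part of the original message and not John's own code: per-part results are joined back into one line per account, and accounts that share a hash are all reported. It assumes the bigcrypt layout (2 salt characters, then 11 hash characters per 8-character password chunk, each later chunk salted with the first two characters of the previous chunk's hash); the usernames, hash strings, plaintexts and the dictionaries standing in for cracked results are constructed.

```python
# Added illustration; not John the Ripper's code or file formats.
SALT_LEN, PART_LEN, CHUNK = 2, 11, 8

def split_bigcrypt(full_hash):
    """Split a bigcrypt-style hash into 13-character DES crypt pieces,
    one per 8-character chunk of the password."""
    body = full_hash[SALT_LEN:]
    if not body or len(body) % PART_LEN:
        raise ValueError("expected 2 salt chars plus a multiple of 11")
    pieces, salt = [], full_hash[:SALT_LEN]
    for i in range(0, len(body), PART_LEN):
        part = body[i:i + PART_LEN]
        pieces.append(salt + part)
        salt = part[:SALT_LEN]  # next piece is salted by the start of this one
    return pieces

def show(accounts, cracked):
    """Per-user view: join cracked chunks, mark missing ones with '?'.
    accounts: {user: full hash}; cracked: {piece: plaintext chunk}.
    Returns {user: (text, fully_cracked)}."""
    report = {}
    for user, full_hash in accounts.items():
        chunks = [cracked.get(p) for p in split_bigcrypt(full_hash)]
        text = "".join(c if c is not None else "?" * CHUNK for c in chunks)
        report[user] = (text, None not in chunks)
    return report

# Constructed sample data (not real hashes or passwords).
LONG = "ab" + "Chunk1AAAAA" + "Chunk2BBBBB"
# alice and bob share one hash; a session would report only one of them.
ACCOUNTS = {"alice": LONG, "bob": LONG, "carol": "xyChunk3CCCCC"}
SESSION = {"ChChunk2BBBBB": "$"}            # only the ":2" piece cracked
LATER = dict(SESSION, abChunk1AAAAA="passw0rd")

if __name__ == "__main__":
    for pot in (SESSION, LATER):
        for user, (text, done) in show(ACCOUNTS, pot).items():
            print(user, text, "complete" if done else "partial")
```

With only the second piece cracked, the account is still partial: the ending is known but the first 8 characters are not, which is why the console line alone does not mean the password is recovered.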