Date: Mon, 03 Apr 2006 14:08:33 -0700
From: Greg Barry <Gregory_W_Barry@...gov>
To: john-users@...ts.openwall.com
Subject: Re: John-the-ripper run on Trusted HP-UX

> On Mon, Apr 03, 2006 at 09:39:24AM -0700, Greg Barry wrote:
> > Everything works fine with john-the-ripper on the machine except when
> > users set their passwords to greater than 8 characters.
> >
> > For these accounts, john always marks them as cracked with output like
> > the following:
> >
> > guesses: 4 time: 0:00:52:13 c/s: 152516 trying: vx25 - vxs7
> > Loaded 22 password hashes with 22 different salts (Traditional DES
> > [32/32x8V BS])
> > 03/31/06 11:31:15 $ (h0058:2)
> > 03/31/06 11:31:15 7 (h0094:2)
> > 03/31/06 11:32:30 11a (h0018:2)
> > 03/31/06 11:35:16 3f (h0015:2)
>
> (I am curious how you made it print timestamps here - a custom patch?
> Was the information available in the log file insufficient?)
>

Yes, the timestamps were a custom change

> This is correct. This output means that John has successfully cracked
> the endings of those passwords (characters past 8). For example,
> h0058's password is 9 characters long and ends in a dollar sign. The
> ":2" after usernames means "second part of the password".
>

Am I correct to assume that john has run against the first 8 chars of
the passwd as well as the characters past 8?

> In general, you should not draw conclusions on what is cracked and what
> is not based on the console output of a John cracking session. Instead,
> you should be using "john --show".

I forget to do this. Will add to our standard procedures. Thanks

>
> There are other cases where there can be legitimate discrepancies
> between the cracking session and "john --show" output. For example,
> John might not load duplicate hashes for cracking - so it would only
> report one of the affected usernames while cracking - yet "john --show"
> would correctly report all of the usernames which share the cracked
> hash.
>
> The information recorded in john.pot and .log files is similar in nature
> to the console output of a running session.
>
> Thus, "john --show" is the only correct way to obtain the results of
> John cracking runs - with the required post-processing of the data.
>
> > Is there any way to configure john-the-ripper to support passwds greater
> > than 8 characters on trusted HP-UX systems?
>
> As you can see, John already supports those - with no need to configure
> anything.
>
> P.S. Modern PA-RISC systems are 64-bit, yet the hpux-* targets in John
> are currently 32-bit only. Unfortunately, I don't possess a 64-bit
> PA-RISC system. I'd be grateful if anyone would be willing to help add
> the proper targets into John's Makefile (which should be trivial) and/or
> test them. This should give an almost 2x speedup at DES-based hashes.
>
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
> http://www.openwall.com - bringing security into open computing environments
>
> Was I helpful? Please give your feedback here: http://rate.affero.net/solar
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.

Greg Barry, Systems Analyst
Unix Systems Management
Lockheed Martin Information Technology, Hanford, Richland WA
Phone: 509-376-1652 Page: 85-9550
Email: e6b564@...gov
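
Added illustration, not part of the original message and not John's own code: how a traditional DES hash for a password longer than 8 characters breaks into the separately cracked parts that the ":2" tag refers to, and why a guess for one part is not yet a recovered password. It assumes the bigcrypt layout (2-character salt, then one 11-character block per 8 password characters, each later block salted with the first two characters of the previous block) and covers more than two parts; the function names and the sample hash are constructed for the example.

```python
import re

# Alphabet used by traditional DES crypt(3) salts and hashes.
_DES64 = re.compile(r"^[./0-9A-Za-z]+$")


def split_bigcrypt(ciphertext):
    """Split a 13 + 11*k character hash into 13-character pieces."""
    n, rem = divmod(len(ciphertext) - 2, 11)
    if n < 1 or rem or not _DES64.match(ciphertext):
        raise ValueError("not a traditional DES / bigcrypt hash")
    pieces = [ciphertext[:13]]  # part 1: original salt + first block
    for i in range(1, n):
        # Salt of part i+1 = first two hash characters of part i.
        prev = 2 + (i - 1) * 11
        salt = ciphertext[prev:prev + 2]
        pieces.append(salt + ciphertext[2 + i * 11:13 + i * 11])
    return pieces


def combine(pieces, cracked):
    """Return (password, parts); password is None until every part is known.

    `cracked` maps a 13-character piece to its plaintext, the role a pot
    file plays. A guess for part 2 alone reveals only the password ending.
    """
    parts = [cracked.get(p) for p in pieces]
    if any(p is None for p in parts):
        return None, parts
    return "".join(parts), parts


# Constructed placeholder, not a real hash: salt "ab" + two 11-char blocks.
SAMPLE = "ab" + "CDEFGHIJKLM" + "nopqrstuvwx"

if __name__ == "__main__":
    first, second = split_bigcrypt(SAMPLE)
    print(first, second)
    # Only the ending is known, as in the console lines tagged ":2".
    print(combine([first, second], {second: "$"}))
    # Both parts known: the 9-character password is recovered.
    print(combine([first, second], {first: "8letters", second: "$"}))
```
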