Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Apr 2006 08:24:36 +0400
From: Solar Designer <>
Subject: Re: new at this cracker business


I wrote:
> >While the output of John cracking sessions can be informative, that's
> >not what you should be using to obtain the cracked passwords.  Use
> >"john --show SAM.txt" instead - this will combine the halves for you.

On Fri, Apr 07, 2006 at 04:17:13AM +0000, jay rubin wrote:
> When I run the above command line it stated 4 passwords cracked, 4 left

More correctly, it should have been referring to "password hashes", not
"passwords" - where it counts LM hash halves as separate hashes (I know,
this is not perfect).

> but did not try to crack the remaining 4.

Indeed.  The "--show" option, as the name suggests, just displays
whatever is already cracked.  It does not crack anything new.

If you want John to try to crack some of the remaining hashes, you can
"--restore" a previous cracking session (preferred) or start a new one.

Didn't you say you already had more of these cracked, though?  Did you
possibly delete your john.pot and start anew?

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.