Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 28 Dec 2006 18:48:40 -0700
From: "Olivier Meyer" <roguefugu@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: is it allowed to ask help to crack 1 or 2 HASH in this list ?

I agree with the fact that if someone cracks a hash, they probably
will not return the password. However, if people are allowed to submit
hashes, it should be on another mailing list, so people who want to
use their cpu cycles to crack someone else's hash can do so, and so
people who do not want to read about this do not have to.

On 12/28/06, Russell Fulton <r.fulton@...kland.ac.nz> wrote:
>
>
> Solar Designer wrote:
> > Oh, I've actually rejected a posting with an excerpt from a likely
> > stolen password file with some easily crackable hashes.  The message
> > claimed that those hashes were hard to crack, which was not true.  What
> > do others think - should this kind of postings be allowed, too, such as
> > to provide test material (although there's plenty of it available with
> > Google if you use the right keywords)?  Should the moderators bother to
> > check whether the hashes are in fact not trivial to crack before
> > accepting or rejecting a posting?  I certainly don't expect to always
> > have the time for that.
> >
> The posting of hashes for others to crack is obviously open to abuse.  I
> don't have strong feelings about whether or no the list should allow
> such posts bit admit that the feelings that I do have lean towards
> saying  no.  My main reason for this is that I really don't see what use
> these posts are to anyone and I certainly agree with the poster who said
> that if they ever cracked any hash posted here they would never return
> the result.
>
> I do feel (quite strongly) that if the list does accept hashes then we
> should accept all hashes.  As Solar says the moderators won't always
> have time to check that hashes posted are indeed difficult to crack.  If
> we start screening hashes then an expectation is established that
> screening will take place -- this could theoretically have legal
> implications if some trivial stolen hashes were posted here, not checked
> by the moderators and subsequently broken and then used.  It could be
> argued that the moderators where negligent.
>
> Russell
>
>
> --
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
>
>


-- 
--
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.