Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Jan 2008 14:30:08 -0500
From: "Steve ......" <lynx.9595@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: few passwords cracked (was: different formats..)

 > Not necessarily.  Those systems might have mostly strong passwords.  It
> is impossible to tell from just the information you have provided.  (How
> many hashes did JtR load for that 15-hour cracking session?)

as shown below it loaded 838 and 3229 hashes of which 27 passwords were
cracked!

I dont believe it is entirely because they are strong passwords, if thats
the case. its from about 12 different boxses with I dont believe any
addtional security in place.. there has GOT to be more then 1 weak password
out of a total of 838 hashes... and more then 26 out of 3229 hashes.. so Im
kinda clueless as to why its not cracking properly.. I think Im gonna try
reinstall john with the newest version but I dont see that changing much.

Im not sure what else information I can provide to see what excatly is going
on.. =/

> lynx@box:~/****$ john --show smallshadow
> halu:111111:12668:0:99999:7::::
> 1 password cracked, 838 left
>
> lynx@box:~/*****/big$ john --show bigshadow
>
vmspam:none:98006:98000::::Incoming:/home/sites/site98/users/vmspam:/bin/ftponly:www.******.com
> etc.....
> 26 passwords cracked, 3229 left

> This looks good (except that you should have used "unshadow" on the
> first file and that you're using an outdated version of JtR - but this
> shouldn't have affected the number of cracked passwords that much).

> If you really let JtR run against all of those hashes for 15 hours (this
> is not seen from your posting), giving it the proper "--format=..."
> option if necessary, then most of those passwords are likely pretty
> strong.  If so, perhaps the systems have password policy enforcement in
> place.

> Another possibility is that the systems you got these files from had
> some local customizations, making some of the uncracked hashes
> incompatible with JtR, but this is unlikely.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.