Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 25 Jan 2008 23:52:36 +0300
From: Solar Designer <>
Subject: Re: What type of passwords does john crack?

On Fri, Jan 25, 2008 at 02:41:06PM -0500, Steve ...... wrote:
> anyways I got it installed with jumbo patch john-1.7-all-4.diff.gz ...

This is not related to your "problem", but in general it is better to
use the latest revision of the jumbo patch, which is currently
john-1.7.2-all-9.diff.gz (yes, you'll apply this one on top of 1.7.2).

> now I have to run john from /etc/john or I get an fopen: john.ini: No such
> file or directory error. =/

That's weird.  You must have done something wrong.

> anyways point is it still doesnt work...
> root@box:~/hash# /etc/john/john --format=raw-MD5 tmp
> No password hashes loaded
> root@box:~/hash# cat tmp
> ThePumpe:b3759125aa3bf99b7f4c10d9c87046c
> Lane:4b6ac052d0892133682eff29d1a62c5
> Aquil:88ce5a69882e9c8560792c632a4946a
> Joyc:35afac8f58f984651bd96986932c546

Of course, this won't work.  As Marti has correctly pointed out, those
31-character strings are definitely not MD5 hashes, or at least not
complete MD5 hashes.  (In fact, they also don't appear to be incomplete
MD5 hashes with first or last 4 bits dropped, but I can't say for sure.)

Also, it is a bad practice to unnecessarily do things as root.  "john"
does not require root privileges.

Finally, the hashes that you posted in your first message in this thread
were different - two of the four were 32-character strings (potentially
they are in fact raw MD5 hashes, although noone will tell you for sure
until you crack them) and the other two were 13-character strings (so
they look like they are from a traditional DES-based crypt(3) - and at
least one of them is in fact easily crackable).

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.