Date: Sat, 26 Jan 2008 08:32:34 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: What type of passwords does john crack? Responding to three of Steve's postings at once: On Fri, Jan 25, 2008 at 04:45:07PM -0500, Steve ...... wrote: > > > now I have to run john from /etc/john or I get an > > > fopen: john.ini: No such file or directory error. =/ ... > actually it appears to be a common problem on google. I reinstalled > everything including the latest jumbo patch and this problem still exists.. > not a biggie though for me anyways, just letting you know this problem > exists. The error message is common, but its causes differ. The problem exists for you because you've done something wrong - such as trying to "install" JtR. Normally, JtR should not be "installed" - you simply run it from the "run" directory, where both the "john" binary executable and the configuration file reside. However, if you really want to install it for some weird reason, you must build it with system-wide installation support enabled - this is a setting in params.h - and then install to the right directories (not just to anywhere). Normally, this is only done by packagers (that is, for distribution of a pre-built package), so I do not recommend it for you. On Fri, Jan 25, 2008 at 05:39:52PM -0500, Steve ...... wrote: > anyways using DES or raw-MD5 appertenly there are no weak > passwords cause none of them were cracked, YET. One of the hashes you posted in your first message in this thread is in fact easily crackable (within seconds) with "--format=des". As to "raw-MD5", as you have shown (with the code) these hashes are not raw MD5. The encoding syntax is the same, which is why JtR agrees to load them as if they were raw MD5. On Fri, Jan 25, 2008 at 09:04:54PM -0500, Steve ...... wrote: > HMAC.. shoot. I just started creating a rainbow table thats gonna take > 2.2days. Now that I know its not a plain MD5 I dont think rainbow > tables will work with it do you?.. Rainbow tables in general may work with HMACs, but you'd need an appropriate implementation and you'd have to generate separate tables for each HMAC key. The rainbow tables that you're generating are probably not for HMAC-MD5 at all, so they won't work. Also, if you only need to crack this specific set of hashes once, generating your own rainbow tables is a waste of time. You'll spend at least the same amount of CPU time on generating the tables than you would on cracking the hashes directly. Then you'll also be spending more time on cracking the hashes with the rainbow tables, one hash at a time (as opposed to all hashes at once, which JtR does for saltless hashes such as raw MD5, or which it could do for HMACs with a fixed key if someone implements the support). -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.