Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 24 Feb 2008 05:52:13 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: single character passwords on stdout

On Mon, Feb 18, 2008 at 08:26:48PM +1300, Russell Fulton wrote:
> Over the weekend I ran a couple of thousand LM hashes through JTR.  I  
> remembered seeing a whole bunch of single character passwords scroll  
> up the screen and vanish rapidly off the top.
...
> What I did find in the --show output were several passwords listed  
> as ???????X where 'X' was a digit or uppercase char.  I'm guessing  
> that these were what I briefly glimpsed disappearing off the screen  
> and represent the second hash from an 8 char password  which JtR  
> processes separately.

That's correct, and you can confirm it by checking out the log file -
for the second halves, it will list usernames such as "user:2" - it's
the ":2" which refers to the second hash half.

Also, it is likely that many first halves got cracked that correspond to
the single-character second halves - so some of those single-character
"passwords" that you saw scroll off the screen actually correspond to
last characters of fully cracked passwords that you see on "--show".
I mean that you don't see all of those single-character "passwords" on
the lines with the question marks - many are on lines without any
question marks. :-)

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.