Date: Sun, 24 Feb 2008 05:52:13 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: single character passwords on stdout On Mon, Feb 18, 2008 at 08:26:48PM +1300, Russell Fulton wrote: > Over the weekend I ran a couple of thousand LM hashes through JTR. I > remembered seeing a whole bunch of single character passwords scroll > up the screen and vanish rapidly off the top. ... > What I did find in the --show output were several passwords listed > as ???????X where 'X' was a digit or uppercase char. I'm guessing > that these were what I briefly glimpsed disappearing off the screen > and represent the second hash from an 8 char password which JtR > processes separately. That's correct, and you can confirm it by checking out the log file - for the second halves, it will list usernames such as "user:2" - it's the ":2" which refers to the second hash half. Also, it is likely that many first halves got cracked that correspond to the single-character second halves - so some of those single-character "passwords" that you saw scroll off the screen actually correspond to last characters of fully cracked passwords that you see on "--show". I mean that you don't see all of those single-character "passwords" on the lines with the question marks - many are on lines without any question marks. :-) Alexander -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.