Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 May 2008 16:50:59 -0400
From: bofh <>
Subject: Re: 15 characters

On Wed, May 28, 2008 at 4:31 PM, Solar Designer <> wrote:

> As you probably know, most root compromises occur by means other than
> cracking a root password.

Yes.  At this point, this is more of a "I want to see it" than anything
else.  It does not matter one bit to me because if I want root, I can give
myself root, since I run the provisioning system :) :)

> > How does JtR deal with two simultaneous sessions?
> Please refer to the FAQ:

Thank you very much.  I'm so embarrassed to admit that I actually did read
it, but apparently it slipped my mind when I asked.

> > Also, you've never mentioned the hash type you're dealing with, although
> > > it is very relevant and might affect my advice.
> >
> > Whatever is the standard/default on aix 5.2.
> I don't know about 5.2 specifically, but I'd expect to see "bigcrypt"
> there, which means that passwords longer than 8 characters are not
> supported for real (rather, they're split in 8-character halves, which
> JtR cracks separately - so there's no reason to have JtR try candidate
> passwords of longer than 8 characters).  What does the "Loaded ..." line
> say?  How many characters are there in encodings for your target hashes?

Loaded 347 password hashes with 176 different salts (Traditional DES
[128/128 BS SSE2])

Doesn't look like it's split into 8-character halves?  So, go make one to
run from 9-12 characters then :)

Thanks again!

"This officer's men seem to follow him merely out of idle curiosity." --
Sandhurst officer cadet evaluation.
"Securing an environment of Windows platforms from abuse - external or
internal - is akin to trying to install sprinklers in a fireworks factory
where smoking on the job is permitted." -- Gene Spafford
learn french:

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.