Date: Wed, 20 Jan 2010 19:41:47 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: john 1.4.2 with jumbo patch 1 - lm hash problem On Wed, Jan 20, 2010 at 09:43:24AM -0600, Greg White wrote: > >> Administrator:500:CEEB0FA9F240C200417EAF40CFAC29C3:D280553F0103F2E643406517296E7582::: [...] > > Well, you made a typo in the LM hash. With it corrected to > > CEEB0FA9F240C200417EAF50CFAC29C3 (the correct hash for "TESTTEST"), it > > gets cracked just fine. > > That is odd. It is the same hash file I have used for years and john always cracked it. I will double check my files when I get home. [...] > I was using john 188.8.131.52 for the last year or so. Well, I've just tried cracking your file, the way you posted it (with the typo) using a linux-x86-mmx build of 184.108.40.206-all-6 on a P3. I can't confirm the problem: this older version similarly does not crack the last "T" unless the typo is corrected. > I am using BT4 Final and most of the other utilities I run require root privileges. Understood. > On my productions Linux systems I always login as a user and sudo or su when needed. This is commonly regarded as a security best practice, but it is not necessarily such a great idea. Not abusing root does not imply that you have to login as a user and then su or sudo, which has its own added security risks. You could want to see: http://www.openwall.com/lists/owl-users/2004/10/20/6 http://blueroomhosting.com/help/tutorials/ssh-security.pxl (scroll down to "Direct root login considerations") Summary: when accessing remote systems, use separate direct logins as non-root and as root-privileged accounts (as necessary), don't use su/sudo to elevate privileges. This is getting off-topic, though, so no follow-ups to this part of the message on this list, please. ;-) Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.