Date: Fri, 5 Nov 2010 02:39:34 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: which john & options to use for Mac OS X 10.4+ salted SHA-1 using OSX 10.6? William, On Thu, Nov 04, 2010 at 03:24:12PM -0700, William wrote: > I'm trying to crack a old .iso of mine which I've forgotten > the pw for (really). I dumped the file and its a Mac OS X 10.4+ salted > SHA-1 This sounds weird to me. How is that .iso password protected? How did you dump the file? Are you sure you're cracking a password relevant to the .iso, rather than some other password hash you have in the system? > I've been running the john command against it for 7 days now. What would be > the best way to crack this sucker? It depends. Please start by answering my questions above, if you don't mind. Also, please mention any info you can recall about your password - its length (or a lengths range), character set, whether it was based on dictionary word(s) or not, anything else of that kind. > Should I use the patched 1.7.6 jumbo 7 macosx universal 3? You may use it, but it should not make a difference for your use, compared to JtR Pro that you're already using. > I bought the pro 1.7.3, is there a new one out? Not yet. > When i loaded it onto the MacMini, I had to dl Rosetta... That's weird. What made you arrive at the conclusion that you needed Rosetta? Did you receive some kind of error message? I'd appreciate a problem report against JtR Pro for that. JtR Pro uses a Universal binary that should run on Intel Macs just fine (as well as on PowerPC ones), without Rosetta. > I've tried to get the 1.7.6 jumbo 7 running, but it's not working. Keep getting > "-bash: john: command not found" This is addressed in the FAQ: you should be typing "./john" instead of just "john". JtR Pro avoids this problem by adding the correct directory to the default search path, specifically for those who are new to the Unix shell. > different syntax on 1.7.6? No, it's free & generic (requires skills) vs. Pro & OS-specific (easier to use if you're new to this stuff). (Yes, "Pro" is sort of misnamed... but it has to be that way.) > What's the best to use: --rules or --single or what? Initially, no options at all. Just give "john" the file to crack. Apparently, that's what you're doing already, and it did not crack the password in 7 days. If so, you may want to try customizing/focusing the attack, for which you need to consider the information you can recall about the password. There's no general answer that a single option would be better in all cases (if this were the case, that setting would have been the default). Also, please note that not all passwords are meant to be crackable (in a reasonable amount of time). This is why it makes sense for a system administrator to detect and eliminate just the weak passwords (the crackable ones). If your lost password was a strong one and you don't recall any sufficiently specific information about it, then it is quite possible that it won't get cracked. Once again, please start by confirming that you're in fact cracking what you think you are. It is quite possible that you are not. It is the first time I hear of an .iso file somehow being related to a Mac OS X salted SHA-1 hash. Best regards, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.