Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Jan 2011 15:36:39 -0700
From: RB <>
Subject: Re: Plain Text/No-op Password Format

On Wed, Jan 19, 2011 at 14:08, Freddie Witherden <> wrote:
> I am interested to know if John supports (or there exist patches to add
> support) for a plain text password format.

I doubt one exists, but it would be relatively easy to make.  Adding
it would be no different than any other new password format, and
considerably simpler to code since you'd just be doing string ops
instead of cryptographic ones.  Someone who's actually authored one of
the _fmt.c files and made the requisite hooks within JTR would be more
qualified to tell you precisely what adding that format entails.

> My interest in such a format is in answering questions such as "with a
> given set of rules/word lists how many candidates would have to be
> generated to determine the password."

Interesting concept - I can't say that it's a complete measure of
password/wordlist/rule quality, but it's got to be more objective than
the timing tests one would currently have to engage.  This could be
approximated with the '--stdout' option and a little judicious shell
coding, but would definitely be cleaner (if unlikely faster) as
integrated code.  Unlikely faster b/c the core JTR code is still
single-threaded, that is.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.