Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Mar 2011 08:49:25 +0300
From: Solar Designer <>
Subject: Re: --salts vs --salt-list... and a tiny fix

On Tue, Feb 01, 2011 at 01:29:28PM +0100, magnum wrote:
> The (jumbo patch option) --salt-list is very buggy. I never noticed 
> until now but it's mentioned before on this list. In fact I can't get to 
> work at all with eg. DES and MD5, it just segfaults. It would be nice to 
> have this fixed but unfortunately I'm not able to contribute.

I think we just need to drop it.

> So we're stuck with the --salts option. The problem with this one is 
> that if you resume a job, the remaining number of salts have likely 
> decreased. If you picked the most frequent hash, chances are the job 
> will resume with no hashes loaded. If you picked a lower minimum or a 
> range, it will load hashes but you can't really predict the behaviour - 
> it will resume on a different set (or at best a subset) of the hashes 
> than what was used before stopping the job.

Actually, this was intentional, but IIRC I made that decision before I
implemented the --salts=-COUNT feature (load the slower to crack salts
only).  With this feature in place, I agree that "stability" is needed.

> I just had a look at this and found out that if you just swap two lines 
> in loader.c, john will apply the --salts threshold (or range) before 
> nuking already cracked passwords. Some testing indicate it doesn't have 
> any ill side-effects but I am not 100% sure about all possible cases.

I've just committed this change into what will become 1.7.7.  You can
see the new stuff here:

and you can checkout or download it using instructions from:

(anoncvs or native.tar.gz via FTP or HTTP).



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.