Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 8 Apr 2012 16:43:11 -0400
From:  <jfoug@....net>
To: john-users@...ts.openwall.com
Cc: Solar Designer <solar@...nwall.com>
Subject: Re: inconsistent number of cracked hashes in dynamic_6

Ok, 

I built a program to 'fix' the input file.  Once fixed, with the new password.lst file, it finds 65, no problem.

Here is the code (email will probably screw this up, but it is very simple, I will explain after the code).

#include <stdio.h>
#include <string.h>

char *tohex(char *cp) {
   static char Buf[24];
   char *cpo=Buf;
   strtok(cp, "\r\n");
   while (*cp)
      cpo += sprintf(cpo, "%02x", *cp++);
   return Buf;
}
int main() {
   char Line[256];
   fgets(Line, 256, stdin);
   while (!feof(stdin)) {
      printf("%32.32s$HEX$%s\n", Line, tohex(&Line[33]));
      fgets(Line, 256, stdin);
   }
   return 0;
}


This proggy, changes the salt into a $HEX$ value.  What is going on, is that the salts are ALL screwed up (several of them). Things have changed over the versions.   First off, this SHOULD not have used dynamic_6.  All of the salts that have ':' in them, will be busted.  That is why john is not finding all lines. There are 451 lines, but only 443 of them were even loaded by john (for me).  I believe this is due to these 2 characters:

:    and \

The : is a field separator within john.  Thus, when there are ':' chars in the salts, john itself will screw up the salt, and these either will not be loaded at all, or will have a short salt that is invalid (which may also cause the line ot not be loaded.

The other char, the \ may be used in newer john.

NOTE, any time, there are binary salts, build the files correctly, so that john can load them without ambiguity.

Jim.

---- Solar Designer <solar@...nwall.com> wrote: 
> On Sun, Apr 08, 2012 at 04:00:09PM -0400, jfoug@....net wrote:
> > Are we trying with the same dictionary file?  I think password.lst file changed recently.  Could this be 'part' of the problem?
> 
> Hardly.  Well, or at most _part_ of the problem.  It can't explain
> changes in guess count between invocations of the same version of JtR.
> 
> > I am digging through machines right now, looking for the older version.  I think I have it, but not sure.
> 
> You can get older versions of password.lst from the CVS repository:
> 
> http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/run/
> 
> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.