Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 24 Nov 2012 11:36:04 +0100
From: magnum <>
Subject: Re: John not "showing" cracked passwords in pot file

On 11/24/2012 06:59 AM, wfdawson wrote:
> Using the familiar "hello" raw-md5 hash...
> $ cat user
> user:5d41402abc4b2a76b9719d911017c592
> $ john --show --format=raw-md5 user
> 0 password hashes cracked, 1 left
> $ grep 5d41402abc4b2a76b9719d911017c592 ~/.john/john.pot
> 5d41402abc4b2a76b9719d911017c592:hello

> It finally hit me - my legacy pot file is missing the tag that current versions of john prepend to the hash.  A "proper" john.pot should have:
> $ cat john.pot
> $dynamic_0$5d41402abc4b2a76b9719d911017c592:hello
> $ ./john --show --pot=john.pot --format=raw-md5 user
> user:hello
> 1 password hash cracked, 0 left

This is probably a bug. I recall we have fixed it before but it keeps 
crawling back. Off the top of my head we made this decision years ago 

- when loading hashes, accept tags or not
- when using --show, accept tags or not (your case)
- when writing to pot file, always include the tag

> My pot file has 1340887 untagged hash lines out of 5132667 total.  It seems that lotus5 and dominosec hashes don't get a tag, so that's a legitimate circumstance for much of my pot file.
> I suppose I could clean this up by moving my john.pot to another location and artificially re-crack the assembled hashes by iterating over the known hash types to rebuild the "missing" tags.  Is there an easier way to get there?

Easiest way to do just that is using --loopback mode, as you may already 
know. Eg:

$ john --loop --format=raw-md5
$ john --loop --format=nt
$ john --loop --format=raw-sha1


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.