Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 24 May 2015 13:26:37 +0200
From: Marek Wrzosek <>
Subject: Re: Bleeding jumbo now defaults to UTF-8

W dniu 24.05.2015 o 06:17, Solar Designer pisze:
> On Fri, May 22, 2015 at 06:33:42PM +0200, magnum wrote:
>> On 2015-05-22 16:48, Marek Wrzosek wrote:
>>> That's a great news! What is the simplest way to "repair" all.lst from
>>> Openwall?
>> I bet it's a mix of encodings so can't simply be converted.
> Yes.  And maybe it should stay as a mix of encodings despite of magnum's
> change, because quite often multiple encodings may possibly have been
> used in target passwords.  I am worried that some lines are not valid
> UTF-8, though.  How do we ensure those are tested against the hashes
> verbatim, like core (non-jumbo) JtR would test them?  Will this just
> happen that way despite of the recent change of default in jumbo?
> magnum, what do you suggest we do?  Simply assuming that e.g. md5crypt
> hashes are likely of UTF-8 plaintexts won't do.  Some of them might be,
> but some older ones might be iso-8859-1 or koi8-r or windows-1251 as
> well.  That's why current all.lst mixes all of these encodings together.
> Alexander
I understand why there are mixed encodings in all.lst and it should stay
that way but I don't think it's still possible to use this all.lst with
jumbo anymore, so maybe adding second "all.lst" list with only UTF-8
will do. The bad news is that in order to guess plaintext of hashes with
encoding different than UTF-8 using jumbo one will need to run jumbo
several times using different --target-encoding option. The good news is
that jumbo will display passwords correctly but unfortunately the
information about what encoding particular hash was using is gone (but
it's easy to guess, I think).
Changing defaults to UTF-8 also affects Incremental mode. Using
Incremental with Latin1 charset requires use of --target-encoding=cp1252
because otherwise passwords with Latin1 encoding will be written to
john.pot. Maybe jumbo should set target encoding automatically to cp1252
if Incremental with Latin1 is used.

Best Regards
Marek Wrzosek

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.