Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 May 2015 22:50:33 +0200
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: Bleeding jumbo now defaults to UTF-8

On 05/27/2015 10:31 PM, magnum wrote:
> The most reliable way is a totally different approach - just recrack
> everything. It's along the lines of this:

You might want to skip recracking all the plain ascii passwords, and may
be you prefer to convert 8 bit characters in descrypt passwords into the
corresponding 7 bit characters.
Unless, of course, you want to verify that your .pot file doesn't
contain any invalid passwords.

> 1. Create an input file by reversing the old pot file:
>    perl <john.pot >recrack.in -pe 's/^([^:]*):(.*)$/\2:\1/'

 You might need to process all candidates containing colons in a
different way.

> 2. Rename old john.pot and write-protect it until your done with all
> conversions, so you don't accidentally blow it.
> 
> 3. Use new defaults so your brand new john.pot will be 100% UTF-8.
> 
> 4. Re-crack all hashes in your pot file:
>    ./john recrack.in -form:nt -inp=iso-8859-1 -si:none
>    ./john recrack.in -form:lm -inp=cp850 -si:none
>    ./john recrack.in -form:(...)

To speed up this process, we might need to disable two (otherwise
useful) features of single mode:

1. john tries successful guesses on other hashes
(To mitigate this problem, just press Q and run ./john --restore from
time to time if your sessions with a huge number of (salted) hashes get
too slow.)

2. john splits the "user name" at certain special characters into
different parts, and uses the rules (or the dummy rule (':'), for
--single=none) on all of these parts.
This can't be suppressed without a source code change.


If your pot file contains passwords that have been cracked older john
versions, the canonical hash representation might have changed,
especially for raw hashes which will be recognized as valid by more than
one format. (Recent john versions will print warning messages mentioning
which format names you might need to try.)

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.