Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 22:39:55 +0200
From: magnum <>
Subject: Re: Why does john display some cracked passwords twice?

On 2015-07-28 18:49, Marek Wrzosek wrote:
> W dniu 28.07.2015 o 18:40, Marek Wrzosek pisze:
>> Here is some examples:
>> br4v0br4v0       (?)
>> br4v0br4v0       (?)

>> This happens very frequently with different modes (incremental,
>> wordlist, prince, markov, ...) while cracking raw-md5 with --fork
>> option. Sometimes it happens even three times:
>> Emmanuelf12      (?)
>> Teddyg17         (?)
>> Teddyg17         (?)

> PS. Apparently they are cracked multiple times, because this occurs in a
> .pot file too.
> $dynamic_0$077a62e15d63c5a10ec58866c2b5202e:passopasso83
> $dynamic_0$077a62e15d63c5a10ec58866c2b5202e:passopasso83
> Maybe this would be helpful too:
> $ ./john --list=build-info
> Version:
> (...)

You need to state what command you ran. It could be a bug (should be 
fairly new bug if so), but it's likely due to eg. running -fork in some 
non-efficient way.

For example, if you ran wordlist + rules with fork, no two processes 
will apply the same rule to the same word. But if one process read the 
word "teddyg" and used a rule that applied "17", and another process 
read the word "teddy" and a rule that applied "g17", they would both 
crack the same "teddyg17" hash. If they do this within minutes the "pot 
sync" feature will not have a chance to mitigate it. OTOH it can be 
ignored (and it was much much worse before pot sync) as long as we know 
this is the actual issue here.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.