Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Mar 2018 14:30:38 -0800
From: Royce Williams <>
Subject: Re: Support for cracking hash collisions

On Wed, Mar 28, 2018 at 2:00 PM, Matt Weir <> wrote:

> In JtR is there a cracking option that will allow cracking sessions to
> continue even after it finds a valid match, with all valid plaintexts being
> saved to the POT file? An existing hash format where this would be useful
> would be Mysql323, which suffers from having lots of collisions. I’ll admit
> my question stems from the pwned password api lookup where it may be
> possible to obtain the first five characters of the sha1 hash of a
> password. I’d be curious if it would be worthwhile to create a dynamic hash
> format to generate tailored dictionaries of collisions to use in other
> attacks against stronger hashes.

Jumbo has:

$ john --list=hidden-options | grep guess
--keep-guessing            try more candidates for cracked hashes (ie.


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.