Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Mar 2020 16:08:40 +0100
From: Solar Designer <>
Subject: Re: Getting error while using john command

Hi Namita,

On Thu, Mar 26, 2020 at 06:40:37PM +0530, Namita Diwedi wrote:
>  While using  john.exe command i am getting error as
> Warning: invalid UTF-8 seen reading backup.rar

This suggests that you're trying to run "john" on your RAR archive
directly, which isn't supposed to work.  Instead, the commands should be
something like:

rar2john backup.rar > backup.txt
john backup.txt

> Warning: detected hash type "HMAC-SHA256", but the string is also
> recognized as "HMAC-SHA512"
> Use the "--format=HMAC-SHA512" option to force loading these as that type
> instead
> oracle: Input file is not UTF-8. Please use --input-enc to specify a
> codepage.
> Warning: only loading hashes of type "HMAC-SHA256", but also saw type
> "HMAC-SHA224"
> Use the "--format=HMAC-SHA224" option to force loading hashes of that type
> instead
> Error: UTF-16 BOM seen in input file.

These messages will also go away when you use the programs properly.

We could want to enhance "john" to detect common misuses like this and
suggest usage of the proper *2john tool.  I'm afraid many people just
leave "john" running in similar cases when they're not lucky enough to
have tripped a fatal error like we see here.

Unrelated, but reminded by the above:

magnum, why is it that we care about character encodings of password
hash files?  Should we?  I understand why we care about character
encodings in wordlists, but not in password hash files.

Also, why is seeing a UTF-16 BOM a fatal error?  Apparently, people are
running into this once in a while - perhaps in misuses of the tools
similar to the above (in which case it's good luck the error happens to
be triggered), but maybe not always.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.