Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Mar 2020 03:35:11 +0100
From: magnum <>
Subject: Re: Getting error while using john command

On 2020-03-26 16:08, Solar Designer wrote:
> Unrelated, but reminded by the above:
> magnum, why is it that we care about character encodings of password
> hash files?  Should we?  I understand why we care about character
> encodings in wordlists, but not in password hash files.

Because of the *other* fields: I believe you wrote the #1 gem of JtR - 
single mode! For example, if you try to use single mode on a pwdump file 
with user names like Администратор, Möller and Anaïs, you will have a 
great deal better chance of cracking them if JtR knows what encoding 
that file is in. Besides, nowadays dang near *everything* is UTF-8 so 
the warning is a good thing - in this case it was a (albeit vague to the 
user) indication that the OP did something wrong.

> Also, why is seeing a UTF-16 BOM a fatal error?  Apparently, people are
> running into this once in a while - perhaps in misuses of the tools
> similar to the above (in which case it's good luck the error happens to
> be triggered), but maybe not always.

I'm really curious how you somehow do not think that should be a fatal 
error? Before I added it (IIRC) you could run a perfectly fine wordlist 
encoded in UTF-16 and just not get a single crack, with NO clue as of 
why, even though *all the right words were there*. Now THAT is a problem 
if you ask me.

If you mean we should actually support that dreadful encoding, sure. 
Just open an issue. I think all the needed bits are in there so it 
should be fairly trivial.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.