Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 4 Aug 2012 19:50:57 -0800
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: Re: OS X keychain single empty/spaces result, but guessing continues?

On Sat, Aug 4, 2012 at 4:11 PM, Royce Williams <royce@...ho.org> wrote:
> I'm working on a Mac OS X keychain recovery.  The target file was
> generated with keychain2john from an unaltered login.keychain.

[snip]

> ... but shortly afterwards, the following appears (preceded by 17 spaces):
>
>                  (login.keychain)

[snip]

> The guessing continues as if more work remains -- but since there is
> only one line in the file, this seems counter-intuitive.

To test further, I created a fresh user and performed the same test.
I do not get an empty result like the one shown above; instead, JtR
exits normally after successfully guessing 1 of 1 keychains.

Perhaps my original keychain was created differently, or maybe it's
been tampered with.  But regardless, shouldn't JtR exit cleanly after
"finding" this empty guess, rather that continuing on?  Has anyone
else seen this behavior of finding what appears to be all possible
results, and then continuing to work?  What the heck could it be
working on?

Put another way: I'd like to support ensuring that if there's some
corner condition that triggers useless processing forever, that it's
detected and exits with a warning instead.  I can provide the
keychain2john file to interested regular devs if interested.

Royce

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.