Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 4 Oct 2012 01:55:55 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: issue with cracking SIP dumps

On 4 Oct, 2012, at 1:37 , magnum <john.magnum@...hmail.com> wrote:

> On 3 Oct, 2012, at 23:10 , buawig <buawig@...il.com> wrote:
> 
>>> If you do not mix versions, it will work fine.
>> 
>> I used sipdump2john.py that came with the tar.gz (john-1.7.9-jumbo-7), I
>> do not have a copy of the git repo.
> 
> I just checked git: Jumbo-7 holds code without Julien's patches while unstable/bleeding trees has them. And I checked that the release tarball is consistent with git's Jumbo-7 branch.
> 
> The only reason I can imagine is that Julien's patch was actually a bugfix - and you happened to trigger the bug.

Digging a bit more into this, it appears Jumbo-7 unfortunately may have a serious bug in the SIP format that was not present in Jumbo-6 and that is fixed in git. See last comment here: https://github.com/magnumripper/JohnTheRipper/pull/86#issuecomment-8561660

That was a couple days before release of Jumbo-7 and I missed that it should have been merged to the -fixes branch. Ideally, that push request should have been against -fixes in the first place. Sorry.

Provided this bug is as serious at Julien says, you should really use latest git version instead. You can get a snapshot from here:
https://github.com/magnumripper/JohnTheRipper/tarball/unstable-jumbo

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.