Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 01 Sep 2014 23:19:24 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: WPA-PSK/WPA2-PSK

On 2014-08-30 01:48, magnum wrote:
> On 2014-08-29 23:23, David wrote:
>> Hello everyone,
>>
>> Based on the info at:  http://openwall.info/wiki/john/WPA-PSK, I
>> downloaded wpa-induction.pcap, converted it using:
>>
>> $ ./wpapcap2john ~/Downloads/wpa-Induction.pcap >
>> ~/Downloads/wpa-Induction.crackme
>>
>> added “Induction” to my dictionary, and then ran:
>>
>> $ ./john --format:wpapsk ~/Downloads/wpa-Induction.crackme -w
>> password.lst
>> Loaded 1 password hash (wpapsk, WPA/WPA2 PSK [PBKDF2-SHA1 128/128 SSE2
>> 4x])
>> Note: minimum length forced to 8
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 0g 0:00:00:00 DONE (2014-08-29 17:18) 0g/s 1270p/s 1270c/s 1270C/s
>> morecats..newcourt
>> Session completed
>
> Thanks for reporting. I can reproduce, and the problem seems to be with
> OpenCL and CUDA versions too. And it's not just that particular test
> pcap. Very strange. We need to bisect.

A fix is committed (b46d6ed). This was a bad bug, we had false negatives 
because wpapcap2john failed to parse some PCAP formats correctly due to 
assumptions in length calculation (in this case the FCS was not 
accounted for).

The current fix should be universal, although it disturbs me a lot it 
contradicts some RFCs and I have yet to understand why. But all 
regression tests so far show it's fine and Wireshark seems to agree.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.