john-dev - Re: ./john --show for formats with FMT_NOT

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <20120711135525.GC11965@openwall.com>
Date: Wed, 11 Jul 2012 17:55:25 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: ./john --show for formats with FMT_NOT_EXACT flag set

On Wed, Jul 11, 2012 at 01:56:02PM +0200, Frank Dittrich wrote:
> BTW: why does CRC32 have the FMT_NOT_EXACT flag set?
> IMHO, this flag should indicate that the implementation used a shortcut,
> e.g., for performance reasons, and could produce false positives.
> A hash collision (as with CRC32) is different.
> If you found a password for that hash, it is valid, no matter how many
> other passwords there may be for the same hash.
> 
> The only reason to keep this flag set for CRC32 is if you do have other
> hashes for slower salted formats, and you assume that the passwords used
> for those other hashes are similar to the passwords used for CRC32.
> In this case it makes sense to find as many valid passwords as possible
> for CRC32, because you want to use those passwords as candidates for the
> slower formats...

I think that's not the only reason.  Another reason would be to find a
prettier looking or easier to remember password.  I recall that BIOS
password crackers outputted multiple valid passwords for that reason.

Alexander

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.