Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BAY13-F1682A62D9B07D7E434D30BB1E20@phx.gbl>
Date: Sat, 11 Mar 2006 05:16:53 +0000
From: "hadzijj qwerty" <hadzijj@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

>On Sat, Mar 11, 2006 at 04:46:04AM +0000, hadzijj qwerty wrote:
> > In the meantime I found another thing that I'd like to ask about. You 
>wrote
> > about letter "M" that john didn't check if it's lower or upper-case. So
> > when it will finish looking for the first 7 chars of my password will 
>their
> > case be unknown as well?
>
>Yes.  The case of characters is unimportant for determining whether a
>given Windows password is weak or not.
>
>However, if you're cracking those passwords for another purpose, you may
>apply the unofficial NTLM hashes support patch to John, then have it
>guess the proper case of characters in passwords it would have cracked
>based on LM hashes.
>
>JtR 1.7 includes the following hack in the default john.conf:

[..]

Thanks.

> > $ dpkg -l | grep john
> > ii  john                       1.6-39                         active
> > password cracking tool
> >
> > It looks that my debian would like to argue with you :)
>
>No, everything is in agreement now.  You've been using version 1.6-39 of
>the Debian package (which is Debian's 39th revision of the package of
>John 1.6), not John version 1.6.39.  Those two are entirely different
>versions.

I haven't known that :)

Thanks a lot,
Hadzij

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.