Message-Id: <1144098513.13670.98.camel@spider>
Date: Mon, 03 Apr 2006 14:08:33 -0700
From: Greg Barry <Gregory_W_Barry@...gov>
To: john-users@...ts.openwall.com
Subject: Re: John-the-ripper run on Trusted HP-UX
> On Mon, Apr 03, 2006 at 09:39:24AM -0700, Greg Barry wrote:
> > Everything works fine with john-the-ripper on the machine except when
> > users set their passwords to greater than 8 characters.
> >
> > For these accounts, john always marks them as cracked with output like
> > the following:
> >
> > guesses: 4 time: 0:00:52:13 c/s: 152516 trying: vx25 - vxs7
> > Loaded 22 password hashes with 22 different salts (Traditional DES
> > [32/32x8V BS])
> > 03/31/06 11:31:15 $ (h0058:2)
> > 03/31/06 11:31:15 7 (h0094:2)
> > 03/31/06 11:32:30 11a (h0018:2)
> > 03/31/06 11:35:16 3f (h0015:2)
>
> (I am curious how you made it print timestamps here - a custom patch?
> Was the information available in the log file insufficient?)
>
Yes, the timestamps were a custom change.
> This is correct. This output means that John has successfully cracked
> the endings of those passwords (characters past 8). For example,
> h0058's password is 9 characters long and ends in a dollar sign. The
> ":2" after usernames means "second part of the password".
>
Am I correct to assume that john has run against the first 8 chars
of the passwd as well as the characters past 8?
> In general, you should not draw conclusions on what is cracked and what
> is not based on the console output of a John cracking session. Instead,
> you should be using "john --show".
I forget to do this. Will add to our standard procedures. Thanks.
>
> There are other cases where there can be legitimate discrepancies
> between the cracking session and "john --show" output. For example,
> John might not load duplicate hashes for cracking - so it would only
> report one of the affected usernames while cracking - yet "john --show"
> would correctly report all of the usernames which share the cracked
> hash.
>
> The information recorded in john.pot and .log files is similar in nature
> to the console output of a running session.
>
> Thus, "john --show" is the only correct way to obtain the results of
> John cracking runs - with the required post-processing of the data.
>
> > Is there any way to configure john-the-ripper to support passwds greater
> > than 8 characters on trusted HP-UX systems?
>
> As you can see, John already supports those - with no need to configure
> anything.
>
> P.S. Modern PA-RISC systems are 64-bit, yet the hpux-* targets in John
> are currently 32-bit only. Unfortunately, I don't possess a 64-bit
> PA-RISC system. I'd be grateful if anyone would be willing to help add
> the proper targets into John's Makefile (which should be trivial) and/or
> test them. This should give an almost 2x speedup at DES-based hashes.
>
> --
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598
> http://www.openwall.com - bringing security into open computing environments
>
> Was I helpful? Please give your feedback here: http://rate.affero.net/solar
>
Greg Barry, Systems Analyst
Unix Systems Management
Lockheed Martin Information Technology, Hanford, Richland WA
Phone: 509-376-1652 Page: 85-9550 Email: e6b564@...gov
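
The session lines quoted in this thread, read part by part: an added example (not from either poster and not part of John the Ripper) that groups `guess (login:part)` console lines per account and shows which accounts have only a cracked tail. It assumes the first part is reported with a `:1` suffix in the same format; the last two sample lines are constructed, and "john --show" remains the way to get actual results.

```python
import re
from collections import defaultdict

# Constructed sample: the four lines quoted in the message plus two invented
# ones (h0018:1 and h0200) to exercise the other cases.
SAMPLE = """\
03/31/06 11:31:15 $ (h0058:2)
03/31/06 11:31:15 7 (h0094:2)
03/31/06 11:32:30 11a (h0018:2)
03/31/06 11:35:16 3f (h0015:2)
03/31/06 11:40:02 winter06 (h0018:1)
03/31/06 11:41:10 abc123 (h0200)
"""

# Optional "MM/DD/YY HH:MM:SS " prefix (the poster's custom change), then
# "<guess> (<login>[:<part>])". Logins contain no whitespace, which keeps
# the "Loaded ... (Traditional DES [...])" banner from matching.
LINE = re.compile(
    r"^(?:\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} )?"
    r"(?P<guess>.*) \((?P<login>[^\s():]+)(?::(?P<part>\d+))?\)$"
)

def collect(text):
    """Return {login: {part_number: guess}}; part 0 means an unsplit hash."""
    found = defaultdict(dict)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            found[m["login"]][int(m["part"] or 0)] = m["guess"]
    return dict(found)

def status(parts):
    """Classify one account from the parts seen so far."""
    if 0 in parts:
        return ("full", parts[0])
    if 1 not in parts:
        # Only a tail is known: the first 8 characters are still uncracked.
        return ("tail-only", None)
    # Join consecutive parts starting at 1; later parts may still be missing.
    joined, n = "", 1
    while n in parts:
        joined += parts[n]
        n += 1
    return ("parts 1-%d" % (n - 1), joined)

def report(text):
    return {login: status(p) for login, p in sorted(collect(text).items())}

if __name__ == "__main__":
    for login, (state, value) in report(SAMPLE).items():
        print(login, state, value if value is not None else "-")
```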