Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <459441C7.7030004@auckland.ac.nz>
Date: Fri, 29 Dec 2006 11:14:31 +1300
From: Russell Fulton <r.fulton@...kland.ac.nz>
To: john-users@...ts.openwall.com
Subject: Re: is it allowed to ask help to crack 1 or 2 HASH in
 this list ?



Solar Designer wrote:
> Oh, I've actually rejected a posting with an excerpt from a likely
> stolen password file with some easily crackable hashes.  The message
> claimed that those hashes were hard to crack, which was not true.  What
> do others think - should this kind of postings be allowed, too, such as
> to provide test material (although there's plenty of it available with
> Google if you use the right keywords)?  Should the moderators bother to
> check whether the hashes are in fact not trivial to crack before
> accepting or rejecting a posting?  I certainly don't expect to always
> have the time for that.
>   
The posting of hashes for others to crack is obviously open to abuse.  I
don't have strong feelings about whether or no the list should allow
such posts bit admit that the feelings that I do have lean towards
saying  no.  My main reason for this is that I really don't see what use
these posts are to anyone and I certainly agree with the poster who said
that if they ever cracked any hash posted here they would never return
the result. 

I do feel (quite strongly) that if the list does accept hashes then we
should accept all hashes.  As Solar says the moderators won't always
have time to check that hashes posted are indeed difficult to crack.  If
we start screening hashes then an expectation is established that
screening will take place -- this could theoretically have legal
implications if some trivial stolen hashes were posted here, not checked
by the moderators and subsequently broken and then used.  It could be
argued that the moderators where negligent. 

Russell


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.