[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <004201cc6118$43d95e10$cb8c1a30$@net>
Date: Mon, 22 Aug 2011 18:10:12 -0400
From: "Robert Harris" <rs904c@...scape.net>
To: <john-users@...ts.openwall.com>
Subject: RE: password with the sign "#"
Alex,
Would it detect #!comment1234 ?
-----Original Message-----
From: Solar Designer [mailto:solar@...nwall.com]
Sent: Monday, August 22, 2011 12:20 PM
To: john-users@...ts.openwall.com
Subject: Re: [john-users] password with the sign "#"
On Mon, Aug 22, 2011 at 12:02:59PM -0400, Robert B. Harris wrote:
> I don't want to be a trouble maker, but what if someone wants to test
#!comment as a password?
As you have guessed, such wordlist entry would currently be skipped.
However, such password could nevertheless be tested by a word mangling
rule or by another cracking mode.
I am not too concerned about this - not enough to introduce more ways to
bypass the check.
Sure, one can have #!comment as their password and have this undetected
by JtR, but so what. They could also set their password to something
else, post it on the web, and likely have this undetected in an audit
(no one is scanning the entire web for possible passwords; at best, only
some web sites/pages are scanned into wordlists).
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
