Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANWtx026mXf=LeLkBR2oaaY99jA2DRHmyb_MDix=0gXKEz3e3A@mail.gmail.com>
Date: Thu, 19 Jan 2012 11:48:11 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: GUI for dummy format

On Thu, Jan 19, 2012 at 11:27 AM, Solar Designer <solar@...nwall.com> wrote:
> Aleksey, all -
>
> It appears that a significant number of users who want a GUI intend to
> use JtR to test security of various plaintext passwords they can think
> of - e.g., just type some password in and have JtR try to crack it.
>
> Maybe your GUI could have some input box where one would be able to type
> plaintext passwords (one per line).  The passwords would then be encoded
> as $dummy$hex and JtR would be run on them in the GUI.
>
> It may be tricky to fit this in the GUI such that it's immediately
> obvious that this functionality is available, yet without cluttering
> the main screen.
>
> Then, the same GUI could also be invoking pwqcheck from passwdqc.  That
> way, one would see if their desired passwords would be accepted or
> denied by passwdqc, and then see how they get cracked or not.  Maybe
> pwqgen could be invoked, too.
>
> What do you think?
>
> Is anyone aware of existing GUI apps with this kind of functionality?
Yes and no. Cain&Abel has a "calculator" that will ouput various hashes vai it's
GUI:
Type		Hash
---------		---------
MD2		F03881A88C6E39135F0ECC60EFD609B9
MD4		8A9D093F14F8701DF17732B2BB182C74
MD5		5F4DCC3B5AA765D61D8327DEB882CF99
SHA-1		5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8
SHA-2 (256)	5E884898DA28047151D0E56F8DC6292773603D0D6AABBDD62A11EF721D1542D8
SHA-2 (384)	A8B64BABD0ACA91A59BDBB7761B421D4F2BB38280D3A75BA0F21F2BEBC45583D446C598660C94CE680C47D19C30783A7
SHA-2 (512)	B109F3BBBC244EB82441917ED06D618B9008DD09B3BEFD1B5E07394C706A8BB980B1D7785E5976EC049B46DF5F1326AF5A2EA6D103FD07C95385FFAB0CACBC86
RIPEMD-160	2C08E8F5884750A7B99F6F2F342FC638DB25FF31
LM		E52CAC67419A9A22
NT		8846F7EAEE8FB117AD06BDD830B7586C
MySQL323	5D2E19393CC5EF67
MySQLSHA1	2470C0C06DEE42FD1618BB99005ADCA2EC9D1E19
Cisco PIX		NuLKvvWGg.x9HEKO
VNC Hash	DBD83CFD727A1458
Base64		cGFzc3dvcmQ=
It's a small icon that looks like a calculator and opens another
window to have you
input the text and click OK to hash it. This email reminded me of another recent
discussion about having JtR generate hashes to Stdout (iirc). I wanted
to ask how
JtR would do this on salted hashes, would it output all possible
salts, or just some
random single salt, or a handful of salts. I don't want to mix the two
threads but I
think the question can apply here as well as it does in the other
thread. More simply
would the Dummy hash's support salts and how would they likely support them.

Also would Dummy support the, for lack of a better definition, complex
hash types
like Kerbrose TGT (krb5), Mscache, Zip, Rar etc...
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.