Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANO7a6zGFcFHYGKhR6+PxTWgnoa=3K8e0rYufCxmjCNNPWyZ+g@mail.gmail.com>
Date: Sun, 5 Aug 2012 17:47:29 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: OS X keychain single empty/spaces result, but
 guessing continues?

On Sun, Aug 5, 2012 at 9:20 AM, Royce Williams <royce@...ho.org> wrote:
> On Sat, Aug 4, 2012 at 4:11 PM, Royce Williams <royce@...ho.org> wrote:
> To test further, I created a fresh user and performed the same test.
> I do not get an empty result like the one shown above; instead, JtR
> exits normally after successfully guessing 1 of 1 keychains.

john shouldn't have exited after guessing the password! Was the
password successfully recovered though?

> Perhaps my original keychain was created differently, or maybe it's
> been tampered with.  But regardless, shouldn't JtR exit cleanly after
> "finding" this empty guess, rather that continuing on?  Has anyone
> else seen this behavior of finding what appears to be all possible
> results, and then continuing to work?  What the heck could it be
> working on?

Currently, the Keychain format is FMT_NOT_EXACT which means that we
can't be 100% sure that the recovered password was the actual
password. Hence, john continues to run after the initial guess.

> Put another way: I'd like to support ensuring that if there's some
> corner condition that triggers useless processing forever, that it's
> detected and exits with a warning instead.  I can provide the
> keychain2john file to interested regular devs if interested.

Please send me both keychains2john files along with correct passwords. Thanks!

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.