Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20120913232526.GB1885@openwall.com>
Date: Fri, 14 Sep 2012 03:25:26 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Help for JTR

On Thu, Sep 13, 2012 at 07:00:00PM +0200, Helmut Hullen wrote:
> >>>> The hash input to john is as follows:
> >>>> adm:1003:f5ed24301452410f0f802f643692aaef:3c4ac740fc1ecbee5da191a1
> >>>> 4f0cdc29:::
> 
> >> Neither "jtr" nor "ophcrack" recognized any password for this line.
> 
> > We need to know if these are the actual hashes Jonathan is trying to
> > crack, or if he modified them for posting to the list.
> 
> They seem to be invalid. "ophcrack" should recognize the password at  
> least for the first of the two lines. I know what "ophcrack" usually  
> writes into the log file.

You're assuming that if they're valid, they are most likely crackable
with the rainbow tables that you have.  Since they're not, you have no
way to tell if they're valid hashes or not.  All we can say is that
they're correctly looking, but are not easily crackable.  Since almost
all LM hashes for real passwords are easily crackable (over 99%), this
tells us that at least the LM hash portion is almost certainly not real.
Probably the NT is not real as well.  We're just not 100% certain of any
of that.  We're like 99% certain.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.