Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <555F41BB.7090901@gmail.com>
Date: Fri, 22 May 2015 16:48:27 +0200
From: Marek Wrzosek <marek.wrzosek@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Bleeding jumbo now defaults to UTF-8

W dniu 22.05.2015 o 02:32, magnum pisze:
> TL;DR version: If all you care about is ASCII passwords, you can ignore
> this change and stop reading now. Only 0.05% - 5 out of 10,000 -
> passwords in "RockYou" included any non-ASCII character.
> 
> BTW on a distantly relevant note, this made my day:
> http://askubuntu.com/questions/625021/how-can-i-make-my-shell-prompt-look-like-a-cheeseburger
> 
> 
> NEWSFLASH
> 
> From today, latest bleeding-jumbo from GitHub defaults to UTF-8. This
> has been deferred for far too long. The code has been there for years,
> only the defaults changed now.
> 
> The new defaults (which can be changed in john.conf) are:
> * Input (eg. wordlists, usernames etc) is assumed to be UTF-8.
> * Output to screen, log and .pot file is UTF-8.
> * Target encoding for LM is CP850 (and input will be converted
> accordingly).
> * Internal encoding (eg. for rules processing) is ISO-8859-1. CP1252 is
> a superset and slightly better (for example, it includes the Euro sign)
> but is also a tad slower so is not made the default.
> 
> There's also command-line options for using non-default settings in a
> particular session (eg. --target-encoding=cp737 if you target Greek LM
> hashes).
> 
> If you maintain several different versions of wordlists, in different
> code pages, you can forget about them and just use one, in UTF-8, from
> now on.
> 
> Read more about it in doc/ENCODINGS. For casual use, this change does
> not matter much and these new defaults "just work". If anything, you
> might crack a little more with the new defaults. But in rare cases you
> might get into trouble. Read the docs and use the encoding options. As a
> last resort you can always revert back to the legacy defaults with a few
> edits in john.conf.
> 
> The most likely trouble you might get into from this change is if you
> had lots of passwords *with non-ASCII characters* in your existing
> john.pot file. These wont show correctly (and -loopback can't use them
> correctly) unless you fix it. On the other hand, this was the case all
> the time - after this change and with a correct john.pot, things will
> look and work better.
> 
> If all of your non-ASCII entries in john.pot is the one same encoding,
> you can just use iconv(1) to convert the file to UTF-8 (but always keep
> a pristine backup!). If there's a mix of encodings, there simply is no
> simple way to fix it other than manually (which was one of the initial
> reasons for implementing codepage support). You are on your own with that.
> 
> Oh, and here's an NT hash for you to experiment with:
> 
> Administrator:5d7ca68d953e7eb7eb3e5cfb049f79fd
> 
> It's a really trivial one, using completely normal characters. Try
> cracking that hash with some other cracker.
> 
> magnum
>       ɯnuƃɐɯ
> 
That's a great news! What is the simplest way to "repair" all.lst from
Openwall?
-- 
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.