Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CA+E3k92JUJj8DjOy38pGVmfGG7HPy5jd=0GwJ=BGJQ9T7tb00A@mail.gmail.com>
Date: Wed, 28 Mar 2018 14:30:38 -0800
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: Re: Support for cracking hash collisions

On Wed, Mar 28, 2018 at 2:00 PM, Matt Weir <cweir@...edu> wrote:

> In JtR is there a cracking option that will allow cracking sessions to
> continue even after it finds a valid match, with all valid plaintexts being
> saved to the POT file? An existing hash format where this would be useful
> would be Mysql323, which suffers from having lots of collisions. I’ll admit
> my question stems from the pwned password api lookup where it may be
> possible to obtain the first five characters of the sha1 hash of a
> password. I’d be curious if it would be worthwhile to create a dynamic hash
> format to generate tailored dictionaries of collisions to use in other
> attacks against stronger hashes.
>

Jumbo has:

$ john --list=hidden-options | grep guess
--keep-guessing            try more candidates for cracked hashes (ie.
search

Royce

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.