|
Message-ID: <20110822161949.GA16040@openwall.com> Date: Mon, 22 Aug 2011 20:19:49 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: password with the sign "#" On Mon, Aug 22, 2011 at 12:02:59PM -0400, Robert B. Harris wrote: > I don't want to be a trouble maker, but what if someone wants to test #!comment as a password? As you have guessed, such wordlist entry would currently be skipped. However, such password could nevertheless be tested by a word mangling rule or by another cracking mode. I am not too concerned about this - not enough to introduce more ways to bypass the check. Sure, one can have #!comment as their password and have this undetected by JtR, but so what. They could also set their password to something else, post it on the web, and likely have this undetected in an audit (no one is scanning the entire web for possible passwords; at best, only some web sites/pages are scanned into wordlists). Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.