Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20110822161949.GA16040@openwall.com>
Date: Mon, 22 Aug 2011 20:19:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: password with the sign "#"

On Mon, Aug 22, 2011 at 12:02:59PM -0400, Robert B. Harris wrote:
> I don't want to be a trouble maker, but what if someone wants to test  #!comment as a password?

As you have guessed, such wordlist entry would currently be skipped.
However, such password could nevertheless be tested by a word mangling
rule or by another cracking mode.

I am not too concerned about this - not enough to introduce more ways to
bypass the check.

Sure, one can have #!comment as their password and have this undetected
by JtR, but so what.  They could also set their password to something
else, post it on the web, and likely have this undetected in an audit
(no one is scanning the entire web for possible passwords; at best, only
some web sites/pages are scanned into wordlists).

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.