headers
Brad Tilley | 25 Jun 2012 01:19

john --show

Hello,

Is the output of --show stable? Does it change often? I plan to parse it
and combine it with some policy checking routines I've written (minimum
length, complexity checking, etc.) so when performing audits I can provide
more details to the clients and managers receiving the reports. So rather
than just showing, "yes, these user account passwords were cracked", I can
show if the cracked account passwords met the existing password complexity
policy, or not.

Thanks,

Brad
Permalink | Reply |
headers
Solar Designer | 25 Jun 2012 07:58
Favicon

Re: john --show

On Sun, Jun 24, 2012 at 07:19:39PM -0400, Brad Tilley wrote:
> Is the output of --show stable? Does it change often?

It's been stable so far.  It hasn't changed in the past 15 years, except
for wording in the cracked / left line and some subtleties in handling
of split hashes (bigcrypt, LM and the like).

> I plan to parse it
> and combine it with some policy checking routines I've written (minimum
> length, complexity checking, etc.) so when performing audits I can provide
> more details to the clients and managers receiving the reports. So rather
> than just showing, "yes, these user account passwords were cracked", I can
> show if the cracked account passwords met the existing password complexity
> policy, or not.

Sounds good.

A problem is that there's no escaping of colons that might be part of
passwords.  We'll need to add a new output mode to take care of that.

Alexander
Permalink | Reply |

Gmane