Title says it all, I can’t tell if John is just crashing or “gives up” on cracking the hash. First I start off by creating an md5 hash out of a word I KNOW is on the rockyou.txt wordlist:
echo -n 'password' | md5sum > testhash
After removing the hyphen at the end of the test hash file:
Now I attempt to crack the md5 hash using the following John the Ripper command:
john --format=raw-md5 --wordlist= /usr/share/wordlists/rockyou.txt testhash
I get the output:
Loaded 1 password hash (Raw-MD5 [MD5 256/256 AVX2 8*3])
No password hashes left to crack (see FAQ)
Then I run:
john --show testhash
0 password hashes cracked, 2 left
Sorry if I’m doing something terribly wrong, but I’m at a loss here. I’m assuming it’s something wrong with how my installation of John on Kali Linux is handling the wordlist. Thank you in advance!
I am very concerned someone has enough information they found in my wallet when my wallet was removed from my purse Friday night, to steal my identity. What should I do now?
These days, it’s not uncommon to have dozens and dozens of passwords for various sites and services. If you’re using different passwords for each service it can be basically impossible to hold all the passwords in your memory.
Some people keep a book with their passwords written down, and are occasionally mocked for doing so because if the book is lost or stolen, so are their accounts.
Others keep a digital password manager. These passwords aren’t hashed: a user can log in and see all their saved passwords.
The best solution (assuming we’re only using passwords) is to have unique, strong passwords memorized for each service, but that is implausible for the typical person and the volume of passwords someone needs.
Which of the following is the current best practice for a high number of passwords? Consider that the user needs to access these accounts from potentially several computers.
- Use a handful of passwords that you can remember and have several services share a password. (For example, three unique passwords over twelve services.)
- Use a digital storage mechanism for storing passwords that can be accessed on logging in.
- Keep a physical book of written passwords. Obviously it can’t be stolen digitally, but can be physically stolen or misplaced, and recovering from a lost book is very hard.
I’m assuming the person in question is keeping everyday information important to them (email, bank account password, so on) but not necessarily being specifically targeted by someone with resources. Any of these practices will probably fail against someone staging a coordinated attack.
In December 2019, tons of news sites reported Microsoft ran security research that found over 44 million user passwords were breached. The news sites said Microsoft used third-party resources and public databases in order to discover this, and forced all these users to change their passwords (which is nice!), but I still don’t get it.
If the password is properly hashed, how did they manage to look them up on these databases? I’m not a security expert or anything, but the only possibility I could come up with in my mind was to hash the passwords on these public databases and compare with the users’ hashed passwords, but that sounds absurd considering salt (they would have to hash every leaked password to every account, right?). Does anyone understand how they did that?
EDIT: @schroeder’s comment and closing the question doesn’t make sense. The question is valid – how could they check so many passwords to so many accounts, if that’s how they did it.
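One way a service can run this kind of check despite per-user salts, shown as an added example that is not part of the original question and not Microsoft's code. It assumes the third-party data consists of username/password pairs, so each leaked password is hashed only with the salt of the matching account; the function names, the sample accounts and the use of PBKDF2 are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hash_password(password: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 stands in for whatever salted scheme the service uses.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)


def make_user_db(accounts: dict) -> dict:
    """Build the service's credential store: username -> (salt, hash)."""
    db = {}
    for user, password in accounts.items():
        salt = os.urandom(16)
        db[user.lower()] = (salt, hash_password(password, salt))
    return db


def find_reused_credentials(user_db: dict, leaked_pairs: list) -> tuple:
    """Return (accounts whose current password matches a leaked pair,
    number of hash computations performed)."""
    exposed, hashes = set(), 0
    for user, leaked_password in leaked_pairs:
        record = user_db.get(user.lower())
        if record is None:
            continue  # no such account here, so nothing to hash
        salt, stored = record
        hashes += 1  # one hash per leaked pair, not per (pair, account)
        if hmac.compare_digest(hash_password(leaked_password, salt), stored):
            exposed.add(user.lower())
    return exposed, hashes


# Constructed sample data: the service's accounts and a leaked credential list.
USER_DB = make_user_db({
    "alice@example.com": "correct horse battery",
    "bob@example.com": "hunter2",
    "carol@example.com": "Tr0ub4dor&3",
})
LEAKED = [
    ("bob@example.com", "hunter2"),        # reused password
    ("alice@example.com", "password1"),    # account exists, password differs
    ("dave@example.net", "letmein"),       # not a user of this service
    ("Carol@example.com", "Tr0ub4dor&3"),  # reused, different letter case
]

if __name__ == "__main__":
    exposed, hashes = find_reused_credentials(USER_DB, LEAKED)
    print("force reset for:", sorted(exposed))
    print("hashes computed:", hashes, "instead of", len(USER_DB) * len(LEAKED))
```

The work grows with the number of leaked pairs that name an existing account, not with leaked passwords multiplied by accounts.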
Recently my PC died and will not power on. The motherboard had a complete failure. My HDD survived. I have it set up as an external to pull my photos and such. My question comes down to transferring the local passwords I had stored on Chrome. I didn’t have a Google account sync. But the profiles are still accessible on the old HDD. I want to view my passwords or at least transfer them to my new PC. The older HDD belonged to a Win 8.1 PC. I pulled up the Login Data SQLite file but when I view it in SQL Server it says the password value is stored in a blob. Any advice on recovering them would be helpful, a majority of my life’s on there.
I have an application that needs to store Network Credentials for a Network Drive/Share on the disk. The user shouldn’t need to enter the password every time. The OS is WinPE, so he cannot map the drive once and it will stay there.
- I need the password in plain text, to map the drive.
- The program should work without an additional password that the user has to enter.
- Hash + Salt is not reversible, so I cannot get the password in plain text.
- An encrypted password is not safe, because the program has to store the key. If someone looks inside the code he will get the key and decrypt the password.
- I cannot use the “Protect Data” interface of windows, because I use WinPE. Protect Data Documentation
The program is written in C#. Maybe someone has a good idea about my problem. Thanks!
I had an idea a little while back to have an ID card with a QR code on it that you kept in your wallet. When you want to access your passwords (view them directly), you need your ID card and to scan it with your password protected iPhone. This then reveals your desired passwords.
But I’m thinking about it more and it doesn’t seem to offer any extra “security” or protection of your passwords. You have your phone password memorized, so that’s secure. Once you get into your phone and open the customized QR reading password app, you could just have direct access to your passwords right there instead of having the QR code layer. But, say we add the QR code step, of scanning the QR code to get access. Maybe it only works on your phone. So you have your phone password and a QR code protecting your password.
Does something like this offer any extra security? I’m thinking along the lines of n-factor auth and having an actual physical ID card in the mix.
This question occurred to me when using online banking. My wife and I have a joint account. The username to login to internet banking is just our account number, so it is the same for both of us. Nevertheless the bank supplied us with 2 distinct passwords.
If the passwords were only given out by the bank and we would log into the same account this would probably be fine.
But first the bank actually forces us to each choose our own new password. In theory I could choose the same password as my wife and then the system would tell me ‘you can’t use this password because it is already taken’ or something like that so I would have guessed my wife’s password. Seems security-wise very shady.
Secondly although we access the same money in the bank account we don’t have the exact same user account in the bank as for some actions the identity of the user is needed (for example ‘please send a new credit card’, should it be for me or for my wife?). The situation of one username combined with one password accesses one user account, the same username with another password accesses a different user account looks to me like a severe breach of security.
Is this actually fine or is the bank using some very sloppy and potentially unsafe programming for their joint accounts?
On all web services that require passwords, like gmail, you are asked to set a long password. Like 8 characters or more.
The reason being higher security.
But the same services limit the number of login attempts to 3-4 tries before locking your account and asking for more info. Something which I find very annoying, but that’s another topic.
So how is a short password insecure if they limit login attempts? If the pw has 5 characters someone cannot try all combinations in just 3 attempts.