SecureMode
==========

Using JtR in enterprise environments as a strong password auditing and compliance
tool can be problematic because cracked passwords are displayed on screen and
stored in plaintext.

To get around this problem, we can use John the Ripper's SecureMode feature for
auditing hashes in a "secure" fashion.

When this feature is enabled in john.conf (by setting SecureMode=Y), no cracked
password is ever printed, logged or stored in plaintext. Instead you get an
indication of its length and of the character classes it uses. For example, the
password "Ignit3" would be reported as "L6-?l?d?u", telling you that the cracked
password is six characters long and consists of lowercase, digit and uppercase
characters. That is enough to audit against a length and complexity policy
without anyone seeing the password itself.

Usage
-----

```

$ cat hashes
dummyuser:$dummy$70617373776f7264

$ cat worst-passwords-top25-2013-SplashData.txt
123456
password
12345678
qwerty
abc123
123456789
111111
1234567
iloveyou
adobe123
123123
admin
1234567890
letmein
photoshop
1234
monkey
shadow
sunshine
12345
password1
princess
azerty
trustno1
000000

$ ../run/john -w=worst-passwords-top25-2013-SplashData.txt hashes
Loaded 1 password hash (dummy [N/A])
...
L8-?l (dummyuser)

$ cat ../run/john.pot
$dummy$70617373776f7264:L8-?l

$ ../run/john --show hashes
dummyuser:L8-?l

1 password hash cracked, 0 left

```

Note that the pot file now holds only the summary ("L8-?l"), so --show reports
the summary as well and the plaintext cannot be recovered from the pot file
afterwards. The dummy format used above is a test format whose "hash" is simply
the plaintext hex-encoded (70617373776f7264 is "password"); it serves only to
illustrate the output, and a real audit would run against real hashes.
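The summary format described above, reproduced as an added example that is not John the Ripper's own code: it builds the "L<len>-<classes>" string for a plaintext and decodes the "$dummy$<hex>" test hash from the Usage section so the pot entry can be checked end to end. Two details are assumptions rather than facts from this page: the classes are emitted in the fixed order ?l, ?d, ?u, followed by an assumed ?s for any other byte, and the length counts bytes rather than multi-byte characters.

```c
/*
 * Added example, not code from John the Ripper itself: build the
 * SecureMode-style summary "L<len>-<classes>" that the text shows for
 * "Ignit3" ("L6-?l?d?u") and for the pot entry above ("L8-?l").
 *
 * Assumptions not stated on the page: classes are emitted in the fixed
 * order ?l, ?d, ?u, then ?s (assumed tag) for any other byte; the length
 * counts bytes, not multi-byte characters.
 */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Summarise a plaintext as "L<len>-<classes>". Returns out, or NULL if
 * the output buffer is too small (32 bytes always suffice). */
const char *secure_summary(const char *plain, char *out, size_t out_len)
{
    int lower = 0, digit = 0, upper = 0, other = 0;
    size_t len = strlen(plain);

    if (out_len < 32)
        return NULL;

    /* One pass: record which classes occur, never the characters. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)plain[i];
        if (islower(c))
            lower = 1;
        else if (isdigit(c))
            digit = 1;
        else if (isupper(c))
            upper = 1;
        else
            other = 1;
    }

    snprintf(out, out_len, "L%zu-", len);
    if (lower) strcat(out, "?l");
    if (digit) strcat(out, "?d");
    if (upper) strcat(out, "?u");
    if (other) strcat(out, "?s");   /* assumed class tag for symbols */
    return out;
}

/* Decode a "$dummy$<hex>" test hash back to its plaintext (the dummy
 * format stores the plaintext hex-encoded). Returns out, or NULL on a
 * malformed hash or a too-small buffer. Embedded NUL bytes are not handled. */
const char *dummy_decode(const char *hash, char *out, size_t out_len)
{
    static const char prefix[] = "$dummy$";
    const char *hex;
    size_t n, i;

    if (strncmp(hash, prefix, sizeof prefix - 1) != 0)
        return NULL;
    hex = hash + sizeof prefix - 1;
    n = strlen(hex);
    if (n % 2 != 0 || n / 2 + 1 > out_len)
        return NULL;

    for (i = 0; i < n; i += 2) {
        char byte[3] = { hex[i], hex[i + 1], '\0' };
        if (!isxdigit((unsigned char)hex[i]) || !isxdigit((unsigned char)hex[i + 1]))
            return NULL;
        out[i / 2] = (char)strtol(byte, NULL, 16);
    }
    out[n / 2] = '\0';
    return out;
}

int main(void)
{
    char plain[64], summary[32];
    /* Hash taken from the Usage section above. */
    const char *pot_hash = "$dummy$70617373776f7264";

    if (dummy_decode(pot_hash, plain, sizeof plain))
        printf("%s -> %s -> %s\n", pot_hash, plain,
               secure_summary(plain, summary, sizeof summary));
    printf("Ignit3 -> %s\n", secure_summary("Ignit3", summary, sizeof summary));
    printf("P@ss -> %s\n", secure_summary("P@ss", summary, sizeof summary));
    return 0;
}
```

Running it prints the pot entry's plaintext and its "L8-?l" summary, and "L6-?l?d?u" for "Ignit3"; a password such as "P@ss" shows the assumed ?s tag. The summary function deliberately keeps only four flags and a length, which is the whole point of the feature: nothing that could reconstruct the password ever reaches the output buffer.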