A patch to force John the Ripper 1.7.2 to forget passwords

Below is a simple patch against John the Ripper 1.7.2 that ensures it forgets cracked passwords immediately.
Why was this done? For security compliance it's often necessary to test user passwords for strength. Users with weak passwords should be informed and asked to change their password immediately. However, the security auditor should never know the users' passwords. This patch alters john so that it replaces every discovered password with the string "CRACKED".

  • Download john-forget-cracked-passwords-1.7.2.patch.
  • You will also need to apply this patch against John the Ripper 1.7.2 as follows:

  • Download John the Ripper 1.7.2. This version is available here.
  • Unpack the John the Ripper 1.7.2 source.
  • patch -p0
  • Compile as normal with make and make clean system_name.
  • Please note that the patch above is for an old version of John the Ripper and may not apply to newer versions.
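
A check an auditor can run after a cracking session, as an added example that is not part of the patch or of John the Ripper: it lists the accounts to notify and counts pot-file entries that still hold a real plaintext, without ever printing one. It assumes the pot file uses john's `hash:plaintext` line format, that the patched build writes the "CRACKED" placeholder there, and that the hash field of the password file matches the pot entry verbatim (true for salted crypt-style hashes); all sample data is constructed.

```python
# Added example: audit a john.pot file after running the patched build.
PLACEHOLDER = "CRACKED"  # string the page says replaces every discovered password

# Constructed sample data (not real hashes or accounts).
SAMPLE_PASSWD = """\
alice:$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:1000:1000::/home/alice:/bin/sh
bob:$1$saltsalt$BBBBBBBBBBBBBBBBBBBBBB:1001:1001::/home/bob:/bin/sh
carol:$1$saltsalt$CCCCCCCCCCCCCCCCCCCCCC:1002:1002::/home/carol:/bin/sh
"""
SAMPLE_POT = """\
$1$saltsalt$AAAAAAAAAAAAAAAAAAAAAA:CRACKED
$1$saltsalt$CCCCCCCCCCCCCCCCCCCCCC:summer:2009
"""


def parse_pot(text):
    """Return {hash: plaintext}. Split on the first ':' only,
    because a plaintext may itself contain ':'."""
    entries = {}
    for line in text.splitlines():
        if ":" not in line:
            continue  # skip blank or malformed lines
        hash_field, plaintext = line.split(":", 1)
        entries[hash_field] = plaintext
    return entries


def audit(passwd_text, pot_text):
    """Return (users whose hash was cracked, number of pot entries
    whose stored plaintext is not the placeholder)."""
    pot = parse_pot(pot_text)
    leaked = sum(1 for plain in pot.values() if plain != PLACEHOLDER)
    weak = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1] in pot:
            weak.append(fields[0])
    return sorted(weak), leaked


if __name__ == "__main__":
    weak_users, leaked_count = audit(SAMPLE_PASSWD, SAMPLE_POT)
    print("accounts to notify:", ", ".join(weak_users))
    if leaked_count:
        # Report only the count; never echo the stored plaintext.
        print(f"WARNING: {leaked_count} pot entries hold a real plaintext "
              "(was an unpatched john binary used?)")
```

A non-zero leak count means some entry was written by an unpatched binary; that pot file should be treated as containing credentials.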