Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 11 Mar 2006 07:17:02 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

I wrote, regarding a half-cracked LM hash:
> >It's seven unknown (not yet cracked) characters followed by the part of
> >the password that's been cracked (the "M" might be upper- or lower-case,
> >though - John does not check that).  At this point, it is known that the
> >password is exactly 10 characters long - and only the first 7 characters
> >remain to be cracked.

On Sat, Mar 11, 2006 at 04:00:08AM +0000, hadzijj qwerty wrote:
> I'm not sure this is explained in the documentation. Is it somewhere?

I'm afraid not.  This is specific to LM hashes, which are not the
primary focus of John - although I agree that the proper documentation
on this needs to be written.

> I have 4 passwords in my passwords file.
> But the strange thing is that john writes:
> 
> Loaded 7 passwords with no different salts (NT LM DES [48/64 4K])
> 
> AFAIK administrator password is is treated like 1 password, whilst every 
> other password
> is treated like 2 passwords. Why?

The FAQ has this entry:

Q: I have 10 users, but John said it loaded 15 password hashes.  What's
going on?
A: Some extremely poorly designed hash types (Windows NT LM hashes and
double-length DES-based crypt(3) hashes also known as "bigcrypt" or
"crypt16") have a property that allows John to split their encodings
into two separate hashes (corresponding to halves of plaintext
passwords) on load.  John then proceeds to crack those hashes
separately, so at a given time it might have only one of two halves of
some passwords cracked.  If interrupted and restarted, it would need to
only load the hashes which correspond to uncracked password halves, so
the number of such hashes is what John reports (in all cases, for
consistency).

Did this answer your question?

Also, the "48/64 4K" on that line suggests that you're using an old
version of John (probably the 1.6 release).  You should be able to get
much better performance at LM hashes by upgrading to version 1.7.

> >Provided that you use the current version of John (1.7 or newer) and you
> >run the MMX build of it, you should get your full Administrator password
> >cracked reasonably soon (two weeks worst case for a modern CPU, but
> >chances are that you'd get it cracked _much_ quicker - within hours).
> 
> I have a version 1.6.39 under debian unstable.

The output above does not match that of version 1.6.39, so that's not
what you're using.

> Is version 1.7 much faster?

Version 1.7 is several times faster than the 1.6 release at LM hashes.

My advice is that you download the 1.7.0.1 tarball, compile it (with
"make linux-x86-mmx" if you're on an x86 machine), and use that.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.