Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BLU0-SMTP258572493A8620BC1B74EE5FDE00@phx.gbl>
Date: Tue, 26 Jun 2012 14:31:04 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: ./john --show for formats with FMT_NOT_EXACT flag set

I made a small test with crc32 and the hard coded tests:

$ cat pw
1:$crc32$00000000.fa455f6b
2:$crc32$00000000.4ff4f23f
3:$crc32$00000000.00000000
4:$crc32$4ff4f23f.ce6eb863
5:$crc32$fa455f6b.c59b2aeb

$ ./john --incremental pw --session=not_exact
Loaded 5 password hashes with 3 different salts (CRC-32 [32/32])
guesses: 0  time: 0:00:00:00 0.00%  c/s: 0.00
                 (3)
guesses: 1  time: 0:00:00:02 0.00%  c/s: 217661  trying: thists - 47194046
guesses: 1  time: 0:00:00:03 0.00%  c/s: 552421  trying: enb - raneh
dummy            (2)
guesses: 2  time: 0:00:00:04 0.00%  c/s: 889995  trying: bioblet - 0258172
guesses: 2  time: 0:00:00:05 0.00%  c/s: 1343K  trying: 1mjd - 34760346
ripper           (1)
guesses: 3  time: 0:00:00:05 0.00%  c/s: 1805K  trying: rh5630 - rm3588
guesses: 3  time: 0:00:00:06 0.00%  c/s: 2222K  trying: budm3l - climue
123456           (5)
guesses: 4  time: 0:00:00:07 0.00%  c/s: 2629K  trying: 35519436 - 33221757
guesses: 4  time: 0:00:00:08 0.00%  c/s: 3002K  trying: acosc12 - sh2na3
guesses: 4  time: 0:00:00:09 0.00%  c/s: 3337K  trying: jsins7 - drwol7
guesses: 4  time: 0:00:00:10 0.00%  c/s: 3618K  trying: tuels92 - tuclase
guesses: 4  time: 0:00:00:18 0.00%  c/s: 5051K  trying: j6bye - lrb3m
Session aborted

$ ./john --restore=not_exact
Loaded 5 password hashes with 3 different salts (CRC-32 [32/32])
guesses: 4  time: 0:00:00:19 0.00%  c/s: 5198K  trying: butsulia - bultancy
guesses: 4  time: 0:00:00:20 0.00%  c/s: 5276K  trying: siors2 - sc70es
guesses: 4  time: 0:00:00:22 0.00%  c/s: 5213K  trying: k98t - sh462
guesses: 4  time: 0:00:00:45 0.00%  c/s: 7092K  trying: ce92d27 - cem1ea1
guesses: 4  time: 0:00:00:46 0.00%  c/s: 7111K  trying: pfa3k - 18e6!
guesses: 4  time: 0:00:00:47 0.00%  c/s: 7160K  trying: nnop23 - sax2f2
guesses: 4  time: 0:00:00:48 0.00%  c/s: 7215K  trying: brydut - bipanb
guesses: 4  time: 0:00:00:49 0.00%  c/s: 7235K  trying: tair2t - tr14us
stiebrac         (2)
guesses: 5  time: 0:00:01:41 0.00%  c/s: 7850K  trying: bbouDM7 - bc7504$
guesses: 5  time: 0:00:01:42 0.00%  c/s: 7844K  trying: jincy4$ - jijaho3
guesses: 5  time: 0:00:01:43 0.00%  c/s: 7845K  trying: sw66371 - sw6we9d
guesses: 5  time: 0:00:01:44 0.00%  c/s: 7854K  trying: dhisl2b - dhiatup
guesses: 5  time: 0:00:01:46 0.00%  c/s: 7792K  trying: dugb4w - dr1t6b


Good. john continued with 5 hashes, and found a second password for 2.
Now we have both "dummy" and "stiebrac".

But:

$ ./john --show pw
1:ripper
2:stiebrac
3:
5:123456

Shouldn't john --show somehow show that there are 2 possible passwords
for 2, may be by printing 2 separate lines?


$ ./john --show=LEFT pw
5:$crc32$fa455f6b.c59b2aeb
4:$crc32$4ff4f23f.ce6eb863
3:$crc32$00000000.00000000
2:$crc32$00000000.4ff4f23f
1:$crc32$00000000.fa455f6b

For FMT_NOT_EXACT we could also treat just those password hashes as left
to crack for which we don't have any password in the pot file.
Thoughts?

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.