Message-Id: <200505131039.58292.behrisch@informatik.hu-berlin.de>
Date: Fri, 13 May 2005 10:39:57 +0200
From: Michael Behrisch <behrisch@...ormatik.hu-berlin.de>
To: john-users@...ts.openwall.com
Subject: Comparing John session files and more
Hello,

We use JtR to check our passwords on a regular basis and I would
like to know whether something like the following would be
considered possible from your point of view.

While testing a passwd (of say 1000 users) the users keep on
changing passwords, thus one could try to check the new
passwords whenever they reached a certain limit (say 100).
In order not to lose the progress on the remaining 900
passwords I would like to stop the first process, start another
john just checking the 100 new ones and joining the two
when the second reached the state of the first.

The following questions occur:

Is it safe to restore a session with a different passwd than
it was interrupted with?

How do I know whether the second process did catch up?
(At the moment I do compare the rule number in wordlist mode
and the entry number in incremental mode which are both recorded
in the .rec file. Is that the right thing to do?)

Attached you will find my bash-script which runs as a daily cron job.
Maybe it's helpful.

Thanks for your help,
Michael Behrisch
--
Michael Behrisch (Tel. +49 30 2093-3123)
HU Berlin, Institut fuer Informatik, Arbeitsgruppe Algorithmen
http://www.informatik.hu-berlin.de/~behrisch/
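#!/bin/sh
# Daily cron job: mail a report of cracked passwords and re-check entries
# that changed since the last run in a second john session (john2).

JOHN="${HOME}/john/john"
PASSWORDFILE="${HOME}/john/passwd"
NEWPASSWORDFILE="${HOME}/john/newpasswd"
DIFFPASSWORDFILE="${HOME}/john/diffpasswd"
MINDIFF=100
MAILTO="behrisch"

# Print only the lines of $2 that are new or changed relative to $1.
# A function is used because quotes stored inside a variable reach diff
# literally instead of producing empty format strings.
newlines() {
    diff --old-line-format='' --unchanged-line-format='' "$1" "$2"
}

# Print the line of .rec file $1 that lies $2 lines after the offset
# stored on its second line.
recfield() {
    awk -v n="$2" 'NR==2 {offset=$0} offset>0 && NR==offset+n {print $0}' "$1"
}

DIFFCOUNT=`newlines "$PASSWORDFILE" "$NEWPASSWORDFILE" | wc -l`

# Mail the number of unchecked entries, john's status and the cracked accounts.
( printf 'unchecked passwords: %s ' $DIFFCOUNT; "$JOHN" --status 2>&1
  "$JOHN" --show "$NEWPASSWORDFILE" | cut -f 1,5,6 -d : ) |
    mail -s "Users with insecure passwords" "$MAILTO"

if [ $DIFFCOUNT -ge $MINDIFF ]; then
    # Save the changed entries before the old file is overwritten;
    # after the cp both files are identical and the diff would be empty.
    newlines "$PASSWORDFILE" "$NEWPASSWORDFILE" > "$DIFFPASSWORDFILE"
    cp "$NEWPASSWORDFILE" "$PASSWORDFILE"
    killall -9 john
    if [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
        "$JOHN" "$PASSWORDFILE"* >/dev/null
    else
        "$JOHN" --session=john2 "$DIFFPASSWORDFILE" >/dev/null
    fi
elif ! ps -ef | grep "$JOHN" | grep -v -q grep; then
    # No john is running: resume whichever session was saved last.
    if [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
        "$JOHN" --restore=john2 >/dev/null
    else
        "$JOHN" --restore >/dev/null
    fi
elif [ "${JOHN}2.rec" -nt "$JOHN.rec" ]; then
    # If john2 is as far as john, kill john2 and resume john.
    PASS=`recfield "$JOHN.rec" 6`
    PASS2=`recfield "${JOHN}2.rec" 6`
    if [ "$PASS2" -eq "$PASS" ]; then
        # Same value at offset+6: compare the field at offset+8 instead.
        PASS=`recfield "$JOHN.rec" 8`
        PASS2=`recfield "${JOHN}2.rec" 8`
    fi
    if [ "$PASS2" -gt "$PASS" ]; then
        killall -9 john
        "$JOHN" --restore >/dev/null
    fi
fi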