Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <263f59e00801221130v6e6d78c2t6f7561f900a66bc9@mail.gmail.com>
Date: Tue, 22 Jan 2008 14:30:08 -0500
From: "Steve ......" <lynx.9595@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: few passwords cracked (was: different formats..)

 > Not necessarily.  Those systems might have mostly strong passwords.  It
> is impossible to tell from just the information you have provided.  (How
> many hashes did JtR load for that 15-hour cracking session?)

as shown below it loaded 838 and 3229 hashes of which 27 passwords were
cracked!

I dont believe it is entirely because they are strong passwords, if thats
the case. its from about 12 different boxses with I dont believe any
addtional security in place.. there has GOT to be more then 1 weak password
out of a total of 838 hashes... and more then 26 out of 3229 hashes.. so Im
kinda clueless as to why its not cracking properly.. I think Im gonna try
reinstall john with the newest version but I dont see that changing much.

Im not sure what else information I can provide to see what excatly is going
on.. =/

> lynx@box:~/****$ john --show smallshadow
> halu:111111:12668:0:99999:7::::
> 1 password cracked, 838 left
>
> lynx@box:~/*****/big$ john --show bigshadow
>
vmspam:none:98006:98000::::Incoming:/home/sites/site98/users/vmspam:/bin/ftponly:www.******.com
> etc.....
> 26 passwords cracked, 3229 left

> This looks good (except that you should have used "unshadow" on the
> first file and that you're using an outdated version of JtR - but this
> shouldn't have affected the number of cracked passwords that much).

> If you really let JtR run against all of those hashes for 15 hours (this
> is not seen from your posting), giving it the proper "--format=..."
> option if necessary, then most of those passwords are likely pretty
> strong.  If so, perhaps the systems have password policy enforcement in
> place.

> Another possibility is that the systems you got these files from had
> some local customizations, making some of the uncracked hashes
> incompatible with JtR, but this is unlikely.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.