Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20080123005116.GA8842@openwall.com>
Date: Wed, 23 Jan 2008 03:51:16 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: few passwords cracked (was: different formats..)

On Tue, Jan 22, 2008 at 06:13:54PM -0500, Steve ...... wrote:
> lynx@box:~/*****/big$ john --format=MD5 bigshadow
> Loaded 1192 passwords with 1191 different salts (FreeBSD MD5 [32/32])
> lynx@box:~/******$ john --format=MD5 smallshadow
> Loaded 670 passwords with 670 different salts (FreeBSD MD5 [32/32])

Yes, it is a bit weird that only 27 passwords got cracked in 15 hours.

> I noticed it says FreeBSD MD5 when these are not infact from a FreeBSD box,
> but that alaways has happend nothing new there.. just a thought.

This is normal.  This hashing method was originally developed by
Poul-Henning Kamp for FreeBSD, but later picked up by most Linux
distributions (via its addition to Linux-PAM and GNU libc), Cisco IOS,
and some others.  FWIW, I first added its support to JtR in 1997, and
the string "FreeBSD MD5" in version 1.5 released in 1998.

> ... 1191 different salts sounds bad?

It sounds about right for this hash type and for properly configured
systems.  You shouldn't expect a lot of matching salts when the "salt
space" is large (in this case, it is 48-bit).

> I assume the same box the same salts?

No idea what you mean here.

> maybe its cause im missing passwd?

No.  (Assuming that you're referring to your use of shadow files only.)

Since some of your hashes are clearly not being loaded for cracking, you
do need to use the "--format=..." option.  I'd start by trying
"--format=des" - this will likely get other hashes loaded, and get many
of them cracked.

As to your MD5-based hashes, those do appear to be mostly strong.  That
said, 15 hours is not a lot of time for these relatively slow hashes and
for the large number of different salts, so chances are that more
passwords will get cracked if you let JtR run for longer.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.