Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <B0DE74E4-965C-498B-AB0B-F61CE1981CFE@sl-chat.de>
Date: Wed, 13 Jan 2010 20:49:55 +0100
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: Re: getting started, unix_crypt hashes

Am 2010-01-13 um 19:49 schrieb Paul Needham:

> I noticed if I press the "-" key on my keyboard it gives me some  
> feedback on what JtR is doing
In fact, ANY key will do, see:
http://www.openwall.com/john/doc/
"While cracking, you can press any key for status, or Ctrl-C to abort  
the session"

> I was a little unsure as to what the "-" related information is  
> actually telling me, so could anyone confirm my assumptions, and  
> possibly clarify where I am unsure:
>
> guesses: 0 - ?
* John hasn't cracked a single hash in this session (yet).

> time: 0:00:00:09 - I expect this is how long the attempted crack  
> has been running for?
* I don't know for sure, but I believe this is CPU time, not real  
time. Unless you're running other high load processes, this shouldn't  
make much of a difference though.

> (3) - ?
* John is already at pass 3, so it has completed "--single" and "-- 
wordlist" with no success and is now running "--incremental".

http://www.openwall.com/john/doc/OPTIONS.shtml
"If [...] no options are given, John will go through the default  
selection of cracking modes with their default settings."

> c/s: 489829 - ?
* John is trying 489,829 password candidates per second on your  
machine (for "Traditional DES" hashes).

> trying: doneh - dorny - I expect this is the current attempted  
> cracks John is trying against the hash?
Yes.

> For anyone who has successfully cracked a password using the tool,  
> when JtR cracks 1 of the password hashes, does it inform the end-user?
Yes, the password is displayed along with the username (in parentheses).

> Or do we need to periodically enter a command to see what has been  
> cracked, and what the tool is still working on.
No, but you can show already cracked passwords by opening a second  
cmd.exe window and issuing:
john etcshadow --show

(Which doesn't really make sense until john has cracked the first  
hash, obviously.)

> The other thing I wondered, is has JTR been developed so that if it  
> detects the hashes are the traditional unix_crypt, will it keep the  
> crack combinations <=8 characters long, as to my knowledge such  
> passwords cant exceed 8 characters, therefore attempting a 10  
> character string would be a pointless exercise?  Or do I need to  
> tailor the settings to suit possibilities of unix_crypt passwords?  
> If so could you offer any tips? I guess the obvious one would be  
> formulating a word list only consisting of words or phrases of <=8  
> characters long.

Running ...
grep -m1 "PLAINTEXT_LENGTH" .DES_fmt.c
... in john's SRC directory shows:
#define PLAINTEXT_LENGTH                8

So, yes, "Traditional DES" passwords are limited to 8 characters,  
longer candidates are either truncated or rejected (I don't know  
which it is).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.