Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20110627092029.GA5049@openwall.com>
Date: Mon, 27 Jun 2011 13:20:29 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: brute force attack of an Unix crypt

Martin, Bartavelle -

On 27/06/2011 01:06, Martin T wrote:
> [Incremental:All8]
> File = /usr/share/john/all.chr
> MinLen = 8
> MaxLen = 8
> CharCount = 95
> 
> I remember that I really used letters, numbers and special
> characters(8 characters in total)

In my experience, people very often remember such things incorrectly.
Since trying lengths 1 through 7 is relatively cheap, I suggest that you
don't exclude those... or since you already did, now start a second
instance of John with MinLen = 1 and MaxLen = 7.

> guesses: 0  time: 141:18:48:12  c/s: 929072  trying: 2kageA3z - 2kageACs

You appear to be using a highly non-optimal build of John.  Perhaps you
used the linux-x86-any or generic make target instead of -64 or -sse2?

I suggest that you make a build of 1.7.8-omp-des-7 (with that patch),
using the proper make target for your machine.  This should improve the
speed by a factor of 10 (to approx. 10 million c/s).  After having
tested that with "john --test", interrupt your old session and --restore
it with the new version/build.  The reported speed will be increasing
slowly because all-time average is reported.

> How much longer it might take to decrypt this Unix crypt?

It might take years, but most passwords get cracked pretty quickly.

On Mon, Jun 27, 2011 at 10:47:35AM +0200, Bartavelle wrote:
> However, -inc doesn't test all passwords

Huh?  Actually, it does - just in a smart order.  So it must crack that
password within those 226 years, assuming that the password is in fact
length 8 and does not include control characters (ASCII codes below 32
decimal, or code 127).  Switching to a proper build of John improves
this worst-case estimate to around 21 years.  Moving to a Sandy Bridge
CPU (and an AVX build of John) improves this further to 11 years.  Using
11 such CPUs improves it to 1 year.

In practice almost all passwords are cracked much sooner, specifically
due to incremental mode's smart order of tries.  Chances are that
Martin's password would already be cracked with a proper build of John.

Martin - you mention you "generated" the password.  Did you do it with a
certain program, and which one (and with what specific settings)?  If
so, the proper attack would be to exploit that program's weaknesses.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.