Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110822141921.GA15087@openwall.com>
Date: Mon, 22 Aug 2011 18:19:21 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: MPI / OpenMPI

On Mon, Aug 22, 2011 at 08:43:17AM -0500, Richard Miles wrote:
> You are right, I call them with "&" on the end. What should be a
> better solution in this case?

When you invoke just one instance of john at a time, like you said you
did, and you want to see status on a keypress, then there's no reason
for you to background those commands (so just omit the "&" and "wait").

When you invoke more than one at a time, then you do in fact need to
background them (or do it for all but one).  Then to see the status you
may use the approach I described previously ("killall -HUP john" and
"john --status=SESSION-NAME").

> I have a quad core computer, my understanding was that I had just 4
> cores. For example, when I run pyrit it just detect 4 CPUs and 1 GPU.
> But, I will try.

OK, then you probably actually have just 4 logical CPUs and not 8.
Another way to find this out under Linux is by using this command:

grep -c ^processor /proc/cpuinfo

> There is a way to know in which processor a john instance is running?

Under typical operating systems, it will keep changing (this is
so-called weak affinity) unless you specifically lock the process to a
CPU in an OS-specific way (but there's no need to do so).

Under Linux with top(1) from procps, you may press "f", "j", Enter while
running "top" to add an extra column showing the CPU number for each
process.  For multi-threaded processes (such as OpenMP-enabled builds of
JtR), it shows the CPU number for just one of the threads, it seems.

Why do you care, though?

> Make sense. BTW, I found a nice page, it for sure is not helpful for
> you, but was helpful for me and I guess may be helpful for others so
> I'm sharing here. It describe the format of hash files that JtR
> accepts per format.
> 
> http://pentestmonkey.net/cheat-sheet/john-the-ripper-hash-formats

Yes, I tweeted this one (under @Openwall) a few days ago.

We also maintain similar info on the wiki:

http://openwall.info/wiki/john/sample-hashes
http://openwall.info/wiki/john/sample-non-hashes

> BTW I have to update, they have tons of hashes that my version doesn't
> support. For example, what is a ssh hash?

It is not a hash.  A few other things on that page are not hashes either.
John the Ripper is not only for hashes. :-)

In recent -jumbo, there's the ssh2john utility, which produces those
lines from passphrase-encrypted SSH private keys.  When you run john on
the resulting lines, it tries to crack the passphrases, which will then
let you use the SSH keys.

> Talking again about GPU maybe you should consider NTLMv2 hashes, they
> are a bit hard to crack, in special because of Windows password
> complexity. I know you guys do a great job and has a lot of things to
> do, so it's just a suggestion since I guess it's very common and may
> benefict many users in real life.

There's no such thing as NTLMv2 hashes, as far as I am aware.  There
are various challenge/response pairs.  Are you referring to what JtR
knows as NETNTLMv2?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.