Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <500a48ce2981d3d40063ed56e266018c@smtp.hushmail.com>
Date: Fri, 31 May 2013 00:39:32 +0200
From: magnum <john.magnum@...hmail.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Running Markov for a pre-determined amount of time

While updating doc/MARKOV I realized the new status figures emitted by John 1.8 makes it a lot easier to correctly choose a certain run time (which is perfect for cracking contests or pen-tests). Here's the updated section of that file:

magnum

--8<--------8<--------8<--------8<------

SELECTING THE PARAMETERS
The "LEVEL" parameter should be selected based on the desired maximum running
time. In order to select the appropriate LEVEL, the following steps should be
followed:

1/ Run the -single and -wordlist modes of john, as they will find many passwords for a low price. Perhaps also -inc with a low -max-len that ends in minutes.

2/ Run john with a low markov level on the file, that runs for more than 10 seconds but will quit in a minute or two. For example:
*******************************************************************************
user@...t:run$ ./john -markov:200 hashfile
Loaded 128 password hashes with no different salts (nt, NT MD4 [128/128 X2 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
MKV start (stats=$JOHN/stats, lvl=200 len=12 pwd=259356431)
0g 0:00:00:10 DONE (2013-05-30 23:37) 0g/s 24914Kp/s 24914Kc/s 3319MC/s }svi..}
Session completed
*******************************************************************************
This means that john can test 24.9M passwords / second (24914Kp/s). Since John version 1.8, this figure can be used directly, salts or not (earlier versions only showed what is now output as 3319MC/s and that is harder to use).

3/ Evaluate the quantity of passwords that could be tried during the selected time. Using the previous example, a cracking time of 3 hours will lead to a quantity of 269 G passwords (24914000*3600*3) to test.

4/ Use the genmkpwd command to find the corresponding level. Using the previous example, with a maximum password length of 12:
*******************************************************************************
user@...t:run$ ./genmkvpwd stats 0 12
[...]
lvl=267 (6968 KB for nbparts) 238 G possible passwords (238763065366)
lvl=268 (6994 KB for nbparts) 264 G possible passwords (264314506579)
lvl=269 (7020 KB for nbparts) 292 G possible passwords (292593173165)
[...]
*******************************************************************************
Here, the selected level will be 268 (the highest level where the number of possible passwords is less than 269 G).

5/ Run john:
*******************************************************************************
user@...t:run$ ./john -markov:268 -max-len:12 hashfile
*******************************************************************************


DISTRIBUTING WORK
The START and END parameter could be used to distribute work among many CPUs. The old method is to evaluate the combined cracking speed of all CPUs (adding the step 2 result for every CPUs available) and follow the previous method. At step 5, share the cracking space among all CPUs, where each share is proportional with the CPU's cracking speed. When using the new -node or -fork options (or MPI), this will happen automatically (well, not the adjustment for heterogenous speeds, but an even split).

For example:
./john -markov -node=3/4        will split the space in four parts and pick the
                                third fourth for this session.
./john -markov -fork=8          will split the space in eight parts and run one
                                process for each. MPI works the same but can
                                launch the job on remote hosts.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.