Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <231f1cc6f3de3a61f5367db413fbbf34@smtp.hushmail.com>
Date: Thu, 13 Jun 2013 08:36:34 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Running Markov for a pre-determined amount of time

On 13 Jun, 2013, at 1:33 , Solar Designer <solar@...nwall.com> wrote:
> On Fri, May 31, 2013 at 12:39:32AM +0200, magnum wrote:
>> While updating doc/MARKOV I realized the new status figures emitted by John 1.8 makes it a lot easier to correctly choose a certain run time (which is perfect for cracking contests or pen-tests). Here's the updated section of that file:
> [...]
> 
> Thank you!  I've added this posting to:
> 
> http://openwall.info/wiki/john/mailing-list-excerpts
> 
> ... and this reminds me: I'd appreciate help maintaining that wiki page
> (mostly identifying and adding new postings that are worth it).

It was updated again - here is the current version (I'll update the wiki page).

--8<--------8<--------8<--------8<------

SELECTING THE PARAMETERS
The "LEVEL" parameter should be selected based on the desired maximum running
time. In order to select the appropriate LEVEL, the following steps should be
followed:

1/ Run the -single and -wordlist modes of john, as they will find many passwords
for a low price. Perhaps also -inc with a low -max-len that ends in minutes.

2/ Run john for at least 10 seconds (the longer, the more correct measurement)
on the file, for example using the -max-run-time=SECONDS option. For example:
*******************************************************************************
user@...t:run$ ./john -markov -max-run=10 hashfile
Loaded 128 password hashes with no different salts (nt, NT MD4 [128/128 X2 SSE2-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
MKV start (stats=$JOHN/stats, lvl=200 len=12 pwd=259356431)
0g 0:00:00:10 DONE (2013-05-30 23:37) 0g/s 24914Kp/s 24914Kc/s 3319MC/s }svi..}
Session completed
*******************************************************************************
This means that john can test 24.9M passwords / second (24914Kp/s) when
attacking this very file. Since John version 1.8, this figure can be used
directly, salts and dupes or not (earlier versions only showed what is now
output as 3319MC/s and that is harder to use).

3/ Evaluate the quantity of passwords that could be tried during the targeted
time. Using the previous example, a targeted cracking time of 3 hours will lead
to a quantity of 269 G passwords (24914000*3600*3) to test.

4/ Use the genmkvpwd command to find the corresponding level. Using the
previous example, with a maximum password length of 12:
*******************************************************************************
user@...t:run$ ./genmkvpwd stats 0 12
[...]
lvl=267 (6968 KB for nbparts) 238 G possible passwords (238763065366)
lvl=268 (6994 KB for nbparts) 264 G possible passwords (264314506579)
lvl=269 (7020 KB for nbparts) 292 G possible passwords (292593173165)
[...]
*******************************************************************************
Here, the selected level will be 268 (the highest level where the number of
possible passwords is less than our targeted 269 G).

5/ Run john:
*******************************************************************************
user@...t:run$ ./john -markov:268 -max-len:12 hashfile
*******************************************************************************


DISTRIBUTING WORK
The START and END parameter could be used to distribute work among many CPUs.
The old method is to evaluate the combined cracking speed of all CPUs
(adding the step 2 result for every CPUs available) and follow the previous
method. At step 5, share the cracking space among all CPUs, where each share is
proportional with the CPU's cracking speed. When using the new -node or -fork
options (or MPI), this will happen automatically (well, not the adjustment for
heterogenous speeds, but an even split).

For example:
./john -markov -node=3/4      will split the space in four parts and pick the
                              third fourth for this session.
./john -markov -fork=8        will split the space in eight parts and run one
                              process for each. MPI works the same but can
                              launch the job on remote hosts.

--8<--------8<--------8<--------8<------


magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.