Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAN3PJWggDXB+4TqynVkTku+PMDT68SJc=ZGN1zcMrwA65f0dUg@mail.gmail.com>
Date: Wed, 6 May 2015 00:43:46 -0400
From: Yulong <yyl.dev@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Question on showing number of guesses tried

One thing I just noted is, the number is same for two different cracked
passwords:

0:00:00:00 + Cracked ? as candidate #49152
0:00:00:00 + Cracked ? as candidate #49152

I am pretty confident that they are two different passwords after I did the
counting. I guess this is because, like I asked in previous email, the
number means differently than # of guesses tried? Because it would hard to
crack 2 different passwords in a single guess:)

On Wed, May 6, 2015 at 12:33 AM, Yulong <yyl.dev@...il.com> wrote:

> Hi,
>
> thanks for the detailed explanation! I was able to obtain the batch info
> and also the logs you mentioned in later email. I used still the 1.8.0
> jumbo1, not build from bleed.
>
> 0:00:00:09 + Cracked ? as candidate #45219840
> 0:00:00:23 + Cracked ? as candidate #96829440
> 0:00:00:24 + Cracked ? as candidate #103858176
>
> Mine is very close to yours, although it didn't print out the actual
> cracked password. One thing I am still not clear is, so now the number is #
> of candidates tried, is it equivalent to # of guesses, or # of word from
> the wordlist? The two things might be different because one word from
> wordlist could produce many guesses based on different rules.
>
> For my research, exact figure would be desirable, but a number within a
> tight range (like in a batch of 64) is acceptable. I am trying to compare
> say two different sets of passwords in terms of resistance towards to
> cracking.
>
> On Tue, May 5, 2015 at 6:45 PM, magnum <john.magnum@...hmail.com> wrote:
>
>> On 2015-05-06 00:01, magnum wrote:
>>
>>> On 2015-05-05 23:14, Yulong wrote:
>>>
>>>> Regarding to the inaccuracy, is it totally off? I mean, if we know how
>>>> many
>>>> passwords per "batch" we try, then the actual number of guesses would be
>>>> just "displayed result"/"# per batch"? Thought the question now
>>>> becomes how
>>>> to know # of passwords per batch.
>>>>
>>>
>>> Well you can query it like this:
>>>
>>> $ ../run/john --list=format-all-details --format=wpapsk
>>> Format label                         wpapsk
>>>   Disabled in configuration file      no
>>> Min. password length in bytes        8
>>> Max. password length in bytes        63
>>> Min. keys per crypt                  8
>>> Max. keys per crypt                  64  <-- this figure
>>> (...)
>>>
>>> So for WPAPSK format, it's 64 on my system (you may get a different
>>> figure - it depends on build options, number of cores, AVX/AVX2 and
>>> other things).
>>>
>>> In that case, if a password is found among candidate 1-64, it will be
>>> shown as 64. If it's found among 65-128, it will be shown as 128 and so
>>> on. There is obviously no way to divide that number to get a more exact
>>> figure.
>>>
>>
>> I found a trivial way to get an exact figure in the log file without
>> affecting performance. Screen output will still be rounded up to batch size
>> but log file will show the exact numbers, as in:
>>
>> $ ../run/john ../test/rawmd5_tst.in -form:raw-md5 -inc
>> Loaded 1500 password hashes with no different salts (Raw-MD5 [MD5 128/128
>> AVX 4x3])
>> Warning: poor OpenMP scalability for this hash type, consider --fork=8
>> Will run 8 OpenMP threads
>> Press 'q' or Ctrl-C to abort, almost any other key for status
>> 12345            (u28-RawMD5)
>> start1           (u54-RawMD5)
>> 2g 24576p 0:00:00:01  1.086g/s 13356p/s 13356c/s 20034KC/s 013356..breash
>>                  (u6-RawMD5)
>> 1                (u8-RawMD5)
>> 4g 49152p 0:00:00:02  1.941g/s 23860p/s 23860c/s 35766KC/s breasd..153928
>> (...)
>>
>> $ grep Cracked ../run/john.log
>> 0:00:00:01 + Cracked u28-RawMD5 as candidate #2
>> 0:00:00:01 + Cracked u54-RawMD5 as candidate #1834
>> 0:00:00:01 + Cracked u6-RawMD5 as candidate #25740
>> 0:00:00:01 + Cracked u8-RawMD5 as candidate #25741
>>
>>
>> If you need this, build from a snapshot of bleeding-jumbo:
>> https://github.com/magnumripper/JohnTheRipper
>>
>> magnum
>>
>>
>
>
> --
> Best,
> Yulong
>



-- 
Best,
Yulong

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.