|
Message-ID: <b67b10cd-f941-db84-0a0f-56af211f2f3c@openwall.net> Date: Tue, 8 Nov 2016 09:58:38 -0600 From: jfoug <jfoug@...nwall.net> To: john-users@...ts.openwall.com Subject: Re: John stuck on the same range It is more 'efficient' for slow hashes (bcrypt is VERY slow), to do it this way. But for fast and even medium fast salted hashes, it will crack quite a few more passwords leaving it in the current default (but the runtime is quite a bit slower, if there are many cracks). HOWEVER, even for the cases where it is fast, if we did change the single mode to NOT automatically do this, within jumbo, we have an added functionality mode called loopback. Loopback will properly re-run found candidates, playing them right back against all uncracked candidates, along with allowing rules, and other things to also be used. IMHO, it is much better (will crack more), to have single run with "SingleRetestGuessed = N", and then run a loopback mode after the fact. The things that affect overall single running are: - Speed of "single salt" - number of input hashes - How much information (user, GECOS, etc) words on average there are for each user. I believe john core will limit itself to a small number of words max (6?). John jumbo has john.conf params which allow a user to set this number up or down, or even turn off using data from some hash fields. The single mode is VERY (VERY) powerful, especially against a very large db of very slow hashes. I made many of these 'changes' to john jumbo (the config overrides), when working with single mode in the AM dump (27million bcrypt-32 hashes). Cracking worked, but very slowly. By making changes (these override additions), I was able to speed things up quite a bit, due to not having to run found words against all the entire 27 million (which would take about 3 weeks to run 3 words). I ended up cracking about 2million of these bcrypt-32's before finding a much better way (simpler salted md5, that was 'left over' from a prior algorithm). But on a very slow hash like that, and against such a huge list, the replaying of candidates, these overrides are required. Jim. On 11/8/2016 9:03 AM, Eugene Yarmash wrote: > Thanks. How about making this a default? Seems much more efficient > (and expected, perhaps). > > > On 11/08/2016 01:50 AM, magnum wrote: >> In Jumbo you can actally have this without a hack/recompile. Just >> un-comment the "SingleRetestGuessed = N" in john.conf. You can also >> tune down (or up) the SingleWordsPairMax or skip the login field with >> SingleSkipLogin (if you already did a run with eg. login field only). >> >> magnum >> >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.