Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20180227220121.GA20686@openwall.com>
Date: Tue, 27 Feb 2018 23:01:21 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: dmg file with lost password

On Tue, Feb 27, 2018 at 04:35:22PM -0500, Ian Boyd wrote:
> I believe I did get Johnny to work using the dmgsjohn. file and chose the dmg for the file format in the drop down.
> The program has currently been running for a total time of 2:17:48:33 and has worked through Single rule, Wordlist rule, and has been working on incremental rule for some time. But it's my understanding that incremental typically takes the longest time. Is this correct?
> Can this process take a long time?

Yes, it can take forever, unless it cracks your password first.  To have
a better chance of cracking the password, you'll need to focus the
attack using whatever information about the password you can recall.

But first of all you should really want to "show us the full output from
JtR (copy-paste from a Johnny window)".  Without that, we can't be
confident you ran it correctly and that it is doing what it should be.
By incorrect invocation, it is possible to have it spend a lot of time
processing without it actually doing anything even remotely reasonable.

Another thing you might want to do is generate a test dmg file with an
obviously very weak password and have JtR crack that.  This will serve
to verify that you do things right and will show you what the output of
a correctly running attack should look like.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.