Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20250408161057.GA19443@openwall.com>
Date: Tue, 8 Apr 2025 18:10:57 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Request for Guidance on Distributing John the Ripper Password Cracking to Cloud Nodes

Hi,

Unfortunately, Luis Rocha's message was HTML-only, so isn't visible in
web archives of the list (we simply remove rather than sanitize HTML).
The only reason why it even got through the spam filter is because it
was a reply; a start-of-thread message like this wouldn't get through.

Here it is in plain text:

> Hi, not sure if this still works but here is a small and old tutorial.
> Best
> Luis
> 
> Step-by-Step Clustering John the Ripper on Kali
> https://countuponsecurity.com/2015/05/07/step-by-step-clustering-john-the-ripper-on-kali/

Over that link is Luis' guide on setting up a cluster with NFS and MPI.

This is somewhat complicated, and NFS may be unreliable if used over the
Internet (rather than within the same network segment).

A simpler way is to copy the same files to the nodes manually or with a
script, and use the "--node" option (with different node numbers out of
the same total) to split the workload manually.  This is what I
recommend Pentester LAB to try first.  Please note that if you also use
"--fork", then you need to allocate ranges of virtual node numbers to
each physical node (at least one virtual node number per forked process),
e.g. "--fork=32 --node=33-64/128" for physical node 2 out of 4 if each
node is to run 32 processes.

On Mon, Apr 07, 2025 at 11:40:10AM +0530, Pentester LAB wrote:
> I am currently working on distributing password cracking tasks with John
> the Ripper across multiple computers, with my local machine serving as the
> primary host, and cloud-based machines acting as nodes in the distributed
> setup. Specifically, I am interested in using the incremental=ascii mode
> and would like guidance on how to connect the different nodes, which are
> running on separate networks.
> 
> Could you kindly provide me with detailed instructions on how to achieve
> the following:
> 
>    1.
> 
>    *Distributed Setup:* How can I connect and configure John the Ripper to
>    work across multiple computers running on different networks, with one
>    machine as the local host and others as remote nodes in the cloud?

We currently only have rather simplistic distributed processing
capabilities built into John the Ripper.  These are either the "--node"
option (simpler and more reliable, but disconnected) or MPI (connected,
but harder to setup and may not be reliable enough over the Internet).

So I recommend that you either use "--node" (and then it doesn't matter
where the machines are) or if you use MPI, then don't have that "one
machine as the local host", but instead have everything including the
master node in the same cloud (same virtual network).  You can run
commands under "screen" or "tmux" as usual to ensure your commands stay
running regardless of you disconnecting/reconnecting from/to them.

>    2.
> 
>    *Cloud Node Configuration:* What steps are necessary to configure the
>    cloud-based nodes, including any specific settings or configurations

For "--node", there's no special configuration, except that you need to
ensure the same files are present on each node.

For MPI, this is addressed in Luis' blog post.

>    required for them to work efficiently with the local machine in a
>    distributed cracking environment?

Like I explained, this is not a recommended setup.  It would be good for
us to have a capability to control a changing number of unreliable
agents (or/and over unreliable network) like this, but we do not have it
as a released feature (there were some unreleased experiments).

Most importantly, unless you're doing this just to learn, I suggest that
you start by considering your actual task and goals.  Distributed
processing with nodes in the cloud is unlikely the best way to achieve
whatever goals you have other than experimenting and learning.
Unlikely, yet it may be.  It depends.  From your message, we can't tell.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.