Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20040430164914.GA2822@openwall.com>
Date: Fri, 30 Apr 2004 20:49:14 +0400
From: Solar Designer <solar@...nwall.com>
To: owl-users@...ts.openwall.com
Cc: Luke.K.Franzelas@...star.net
Subject: Re: Question: John The Ripper and Word-list issues with Windows versions

On Thu, Apr 29, 2004 at 10:39:38AM -0400, Luke.K.Franzelas@...star.net wrote:
> I have searched the Openwall page for a JTR faq and I'm either blind or
> this is the method of asking questions.  (I am probably blind)  I hope this
> is the appropriate forum to ask my question.

It is not.  This mailing list is limited to topics related to Openwall
GNU/*/Linux, while in your question you're talking specifically about
running John the Ripper on Windows.  Although I do not think that the
problem you're running into is at all specific to the Windows build of
JtR, so I'll reply to the list this one time.  But please don't send
any further follow-ups to the list.

The proper author contact address for JtR is given inside the
downloadable tarballs/zips, and intentionally not given anywhere on
the web page for JtR.  I already receive too many questions on it, so
I insist that people at least download and try the thing for
themselves before e-mailing me.  Unfortunately, this policy has the
side effect that we receive questions on JtR to e-mail addresses
found on other pages of the Openwall site...

> john.exe -w:english.txt passshadow.txt
> Loaded 3 passwords with 3 different salts (Standard DES [24/32 4K])
> guesses: 0  time: 0:00:00:01 100%  c/s: 126501  trying: z's - zygote

This looks correct.  It means that John has tried 126501 different
candidate passwords and is done with your wordlist.  The range shown
is what it was trying last (it does not try passwords one by one, but
rather in chunks of 128 or whatever it deems optimal for the algorithm
it uses for a particular hash type on a particular hardware platform).
Do not misinterpret this as the range for the entire session.

> It seems that only the tail end of the wordlist is being used against the
> passwordfile.

No.

> The unshadowed password and shadow file I am using is from a test box where
> I know what all the passwords are.  One of the passwords is "password"  The
> word "password" is in my english dictionary list and does not appear to be
> tried against any of the accounts.  When I create a new dictionary list
> with just the word "password" in it the user account is cracked.  So it
> appears that the entire dictionary word list is not being utilized when
> running the software.

This is weird.  Either you're doing something wrong (and I'm quite
sure that you're, but I have no way to guess what exactly that might
be) or you've run into a bug in JtR (no, there's no known bug like
that in the version you're using).

-- 
Alexander Peslyak <solar@...nwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.