Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 20 Mar 2006 10:36:07 +0000
From: Hari Sekhon <harisekhon@...il.com>
To:  john-users@...ts.openwall.com
Subject: getting cracking speed info with nohup

When running nohup ./john passwdfile &, how can I found out the speed of 
the cracking the way you can when you just run ./john passwdfile and 
press enter to see what it is trying and how many combinations a second 
is is doing..?

I'm interested because I'm running hashes on two machines, a lame Via 
1Ghz and my own Athlon XP 2200.



Solar Designer wrote:
> On Wed, Mar 15, 2006 at 09:19:30AM +0000, Hari Sekhon wrote:
>   
>> I find that john --show passwdfile works best.
>>     
>
> This is what you're supposed to be using.  In fact, it's the only
> documented way to obtain the cracked passwords.
>
>   
>> The john.pot and john.log 
>> don't give useful information pairings of username/passwords. john.pot 
>> holds passwords and hashes, which is fine to look at if the username is 
>> the same as the password but a bit of a guessing game otherwise...
>>     
>
> john.pot is a file that John uses internally.  It is machine-friendly,
> not human-friendly.  "john --show" may also display more cracked users
> (e.g., if the same password hash is shared for several users, john.pot
> may have it listed only once, but "john --show" will display the
> password for all of the affected users) and it will combine any partial
> hashes (those are stored in john.pot on separate lines).
>
> The output of John while it is running may also not include all of the
> cracked passwords, so you should not be relying on it for that.  In
> particular, this may happen when the same password hash is shared for
> multiple users and you're running John in other than "single crack" or
> batch modes.  In those cases, John would simply not load the duplicate
> instances of the hash for cracking - yet a subsequent "john --show" run
> would correctly display all of the users whose passwords get cracked.
>
>   
>> Ps. It would be better if john sent it's output as it's going along the 
>> same way that most unix programs do
>>     
>
> Actually, John works _exactly_ the same way that most other Unix
> programs do.  This buffering of program output is performed by most C
> libraries, and programs have to explicitly ask the library to not buffer
> their output or to line-buffer it (instead of buffering fixed amounts of
> data) if they want to.  Most programs don't change the default.
>
> Maybe John should be explicitly line-buffering its standard output,
> although that would slow things down in those special cases when John
> produces a lot of output (successfully cracking thousands of passwords
> per second).
>
>   
>> so that I could do
>>
>> ./john passwdfile > john.progressfile 2>&1 &
>>
>> and then just tail -f the john.progressfile. Or even better to nohup 
>> john and then you could log off/close ssh session etc and ssh back into 
>> it some time/days later and do the tail -f...
>>     
>
> This has already been suggested: use GNU screen.
>
> You do need to use "john --show" to get at the actual cracked passwords
> anyway.
>
>   

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ