Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 10 Sep 2006 16:47:01 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: behavior when no mode is requested (batch mode)

I've changed the Subject.  Please try to use short but descriptive
message Subjects on your questions.

On Sat, Sep 09, 2006 at 08:44:34PM +0200, websiteaccess wrote:
>  I don't understand that syntax
> 
>  ./john -format=raw-md5 mypass.txt

You did not read the documentation carefully enough.  Here are some
quotes.  The very first example on the README is -

| To run John, you need to supply it with some password files and
| optionally specify a cracking mode, like this, using the default order
| of modes and assuming that "passwd" is a copy of your password file:
| 
| 	john passwd

In OPTIONS, it is said that -

| You can list any number of password files right on the command line of
| "john".  You do not have to specify any options.  If valid password
| files are specified but no options are given, John will go through
| the default selection of cracking modes with their default settings.

CONFIG describes a configuration file option used when JtR is invoked
with no cracking mode requested -

| Wordlist = FILENAME
| 
| Set this to your wordlist file name, to be used in batch mode (which is
| activated when you start John with password files, but not specifying a
| cracking mode).  The default is "$JOHN/password.lst", that is, the file
| named "password.lst" in John's "home directory".

EXAMPLES also gives this as the very first JtR usage example (right
after suggestions on how to obtain a copy of your password file) -

| 2. Now, let's assume you've got a password file, "mypasswd", and want to
| crack it.  The simplest way is to let John use its default order of
| cracking modes:
| 
| 	john mypasswd
| 
| This will try "single crack" mode first, then use a wordlist with rules,
| and finally go for "incremental" mode.  Please refer to MODES for more
| information on these modes.

> is it the same thing as  "./john -format=raw-md5 -i:all" ?

No.  Currently, "batch mode", which is activated when JtR is invoked
with no cracking mode requested explicitly, consists of three passes:

1. "Single crack" mode.

2. Wordlist mode with word mangling rules enabled, using the wordlist
specified with "Wordlist = ..." in john.conf (or john.ini).

3. "Incremental" mode using either the settings for "[Incremental:All]"
or "[Incremental:LanMan]" (the latter when cracking LM hashes).

> Loaded 1 password hash (Raw MD5 [raw-md5])
> guesses: 0  time: 0:00:00:02 1% (2)  c/s: 599478  trying: {arvo}
...
> guesses: 0  time: 0:00:03:10 95% (2)  c/s: 465223  trying: puddy858
> guesses: 0  time: 0:00:03:20 (3)  c/s: 462393  trying: 195d

The number in braces is the current batch mode pass number - 1 to 3.
This is not well documented, but it is briefly mentioned in this FAQ
entry -

| Q: I am running John for 10 days and it is still not finished?!
| Q: How long should I expect John to run?
| A: It primarily depends on the cracking mode(s) and on your password
| files (in particular, the type of hashes and the number of different
| salts, if applicable).  Most importantly, you should note that the
| "incremental" mode, which a default John run (with no command line
| options) proceeds with after being done with the quicker checks, is not
| supposed to terminate in a reasonable time.  It is up to you to decide
| how long you're going to let it run, then consider any uncracked
| passwords strong enough.  "Single crack" mode runs typically take from
| under a second to one day (depending on the type and number of password
| hashes).  Wordlist mode runs may also be quick (under a second) for
| tiny wordlists and fast hashes or they may take multiple days with large
| wordlists, with word mangling rules, and with slow hash types and
| substantial numbers of different salts.  The status line John reports
| whenever you hit a key includes a progress indicator (percent complete)
| for "single crack" and wordlist modes.  With no cracking mode requested
| explicitly, John will start with "single crack" mode (pass 1), then
| proceed with wordlist mode (pass 2), and finally with "incremental" mode
| (pass 3).  The pass numbers are reported on the status line, too.  It is
| reasonable to let John reach "incremental" mode (pass 3) and run that
| for a while (some days).  You will notice that John's success rate (the
| number of passwords cracked per hour or per day) will be dropping
| rapidly.  When you determine that the success rate is low enough, you
| interrupt John.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ