Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 22 Sep 2006 22:04:37 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Loaded # of password hashes in batch mode

Just a minor issue I found in the john-1.7.2 and john-1.7.0.2 versions
(linux-x86-mmx), i didn't test older versions:
The number of different password hashes which is reported on stdout
and in the log file is somewhat confusing.

Example:

>./john --session=batch pw.90
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00 0% (1)  c/s: 0.00  trying: RAMMYASS - RTZA86H
guesses: 0  time: 0:00:00:01 3% (2)  c/s: 12164K  trying: 54321 - neerg
guesses: 0  time: 0:00:00:02 86% (2)  c/s: 41994K  trying: ongissor - 
erutangi
guesses: 0  time: 0:00:00:04 (3)  c/s: 21279K  trying: 1952 - sarah1
guesses: 0  time: 0:00:00:05 (3)  c/s: 20405K  trying: 48662733 - starlies
guesses: 0  time: 0:00:00:06 (3)  c/s: 23337K  trying: 0100022 - 0142655
guesses: 0  time: 0:00:00:08 (3)  c/s: 24651K  trying: 2472 - rji
Session aborted

>./john --restore=batch
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:08 (3)  c/s: 24928K  trying: 2474 - rjk
guesses: 0  time: 0:00:00:09 (3)  c/s: 27377K  trying: andran - arina1
guesses: 0  time: 0:00:00:10 (3)  c/s: 26016K  trying: shomin - stupon
Session aborted

>./john --session=single --single pw.90
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00 100%  c/s: 16588K  trying: AEG7TZDG - U$UXQPM7

>./john --session=wordlist --wordlist=password.lst pw.90
Loaded 27446 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:01 100%  c/s: 69329K  trying: raiders - zhongguo

>./john --session=incremental --incremental pw.90
Loaded 27446 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00  c/s: 0.00  trying: 1952 - sarah1
guesses: 0  time: 0:00:00:01  c/s: 17196K  trying: pin - marren
guesses: 0  time: 0:00:00:02  c/s: 13268K  trying: deb - berta
Session aborted

>grep "." batch.log single.log wordlist.log incremental.log | egrep -i 
>"(remaining|loaded)"
batch.log:0:00:00:00 Loaded a total of 62788 password hashes with 90 
different salts
batch.log:0:00:00:00 Remaining 27857 password hashes with 90 different salts
batch.log:0:00:00:00 - Processing the remaining buffered candidate passwords
batch.log:0:00:00:08 Loaded a total of 62788 password hashes with 90 
different salts
batch.log:0:00:00:08 Remaining 27857 password hashes with 90 different salts
single.log:0:00:00:00 Loaded a total of 62788 password hashes with 90 
different salts
single.log:0:00:00:00 Remaining 27857 password hashes with 90 different 
salts
single.log:0:00:00:00 - Processing the remaining buffered candidate 
passwords
wordlist.log:0:00:00:00 Loaded a total of 61575 password hashes with 90 
different salts
wordlist.log:0:00:00:00 Remaining 27446 password hashes with 90 different 
salts
incremental.log:0:00:00:00 Loaded a total of 61575 password hashes with 90 
different salts
incremental.log:0:00:00:00 Remaining 27446 password hashes with 90 different 
salts



Looks like john reports the number of (loaded/remaining) hashes for
single mode when running in batch mode, even if the single mode step
has been completed.
62788/61575 and 27857/27446 are the nubers of total and uncracked
hashes, including/excluding duplicates.

For single mode or when using john --show, it is reasonable to report
the total number of hashes including duplicate hashes due to
different user names... - even if it is not mentioned in the
documentation. (I just grepped the doc directory.)
But once the --single step is completed, john should IMHO report
the number of unique hashes (loaded/remaining), even when running
in batch mode.

Should I have attached sample john.pot/john.conf/password files?


Regards,
Frank



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ