Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform Pro for Linux Pro for Mac OS X Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repository (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 22 Sep 2006 22:04:37 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Loaded # of password hashes in batch mode

Just a minor issue I found in the john-1.7.2 and john-1.7.0.2 versions
(linux-x86-mmx), i didn't test older versions:
The number of different password hashes which is reported on stdout
and in the log file is somewhat confusing.

Example:

>./john --session=batch pw.90
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00 0% (1)  c/s: 0.00  trying: RAMMYASS - RTZA86H
guesses: 0  time: 0:00:00:01 3% (2)  c/s: 12164K  trying: 54321 - neerg
guesses: 0  time: 0:00:00:02 86% (2)  c/s: 41994K  trying: ongissor - 
erutangi
guesses: 0  time: 0:00:00:04 (3)  c/s: 21279K  trying: 1952 - sarah1
guesses: 0  time: 0:00:00:05 (3)  c/s: 20405K  trying: 48662733 - starlies
guesses: 0  time: 0:00:00:06 (3)  c/s: 23337K  trying: 0100022 - 0142655
guesses: 0  time: 0:00:00:08 (3)  c/s: 24651K  trying: 2472 - rji
Session aborted

>./john --restore=batch
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:08 (3)  c/s: 24928K  trying: 2474 - rjk
guesses: 0  time: 0:00:00:09 (3)  c/s: 27377K  trying: andran - arina1
guesses: 0  time: 0:00:00:10 (3)  c/s: 26016K  trying: shomin - stupon
Session aborted

>./john --session=single --single pw.90
Loaded 27857 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00 100%  c/s: 16588K  trying: AEG7TZDG - U$UXQPM7

>./john --session=wordlist --wordlist=password.lst pw.90
Loaded 27446 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:01 100%  c/s: 69329K  trying: raiders - zhongguo

>./john --session=incremental --incremental pw.90
Loaded 27446 password hashes with 90 different salts (Traditional DES [64/64 
BS MMX])
guesses: 0  time: 0:00:00:00  c/s: 0.00  trying: 1952 - sarah1
guesses: 0  time: 0:00:00:01  c/s: 17196K  trying: pin - marren
guesses: 0  time: 0:00:00:02  c/s: 13268K  trying: deb - berta
Session aborted

>grep "." batch.log single.log wordlist.log incremental.log | egrep -i 
>"(remaining|loaded)"
batch.log:0:00:00:00 Loaded a total of 62788 password hashes with 90 
different salts
batch.log:0:00:00:00 Remaining 27857 password hashes with 90 different salts
batch.log:0:00:00:00 - Processing the remaining buffered candidate passwords
batch.log:0:00:00:08 Loaded a total of 62788 password hashes with 90 
different salts
batch.log:0:00:00:08 Remaining 27857 password hashes with 90 different salts
single.log:0:00:00:00 Loaded a total of 62788 password hashes with 90 
different salts
single.log:0:00:00:00 Remaining 27857 password hashes with 90 different 
salts
single.log:0:00:00:00 - Processing the remaining buffered candidate 
passwords
wordlist.log:0:00:00:00 Loaded a total of 61575 password hashes with 90 
different salts
wordlist.log:0:00:00:00 Remaining 27446 password hashes with 90 different 
salts
incremental.log:0:00:00:00 Loaded a total of 61575 password hashes with 90 
different salts
incremental.log:0:00:00:00 Remaining 27446 password hashes with 90 different 
salts



Looks like john reports the number of (loaded/remaining) hashes for
single mode when running in batch mode, even if the single mode step
has been completed.
62788/61575 and 27857/27446 are the nubers of total and uncracked
hashes, including/excluding duplicates.

For single mode or when using john --show, it is reasonable to report
the total number of hashes including duplicate hashes due to
different user names... - even if it is not mentioned in the
documentation. (I just grepped the doc directory.)
But once the --single step is completed, john should IMHO report
the number of unique hashes (loaded/remaining), even when running
in batch mode.

Should I have attached sample john.pot/john.conf/password files?


Regards,
Frank



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ