Date: Sat, 23 Sep 2006 05:43:07 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Loaded # of password hashes in batch mode

On Fri, Sep 22, 2006 at 10:04:37PM +0200, Frank Dittrich wrote:
> The number of different password hashes which is reported on stdout
> and in the log file is somewhat confusing.

Yes, those numbers can be confusing in multiple ways.  I'm not sure how
to fix that.  I don't think that replacing the one-line messages with
long paragraphs of explanatory text would make things any better - at
least not for all users of John.

I've been considering adding a novice vs. expert john.conf setting that
would default to novice resulting in verbose messages being printed.
Does this sound like a good idea?  I'm afraid that verbose messages may
scare people, though - why mention some "duplicate hashes" when someone
is just learning how to use the program?

> Looks like john reports the number of (loaded/remaining) hashes for
> single mode when running in batch mode, even if the single mode step
> has been completed.
> 62788/61575 and 27857/27446 are the numbers of total and uncracked
> hashes, including/excluding duplicates.

That's correct and it's the intended behavior.

> For single mode or when using john --show, it is reasonable to report
> the total number of hashes including duplicate hashes due to
> different user names... - even if it is not mentioned in the
> documentation. (I just grepped the doc directory.)

Yes.  I'm not sure what part of the documentation this belongs to.
Maybe the FAQ, if there would actually be frequent questions on that.

> But once the --single step is completed, john should IMHO report
> the number of unique hashes (loaded/remaining), even when running
> in batch mode.

I'm not sure.  It would mean that the number of loaded hashes would
change from a mere interrupt and restoration of a session.  Wouldn't
that be even more confusing?

However, there's another reason to follow your suggestion and actually
not load duplicate hashes when past the "single crack" pass in batch
mode - the memory savings and slightly better performance possible with
fewer hashes loaded.  The reported effective c/s rate would be lower,
though, since it won't take the dropped duplicate hashes into account.

Maybe an even better fix would be to load just the usernames, GECOS
words, and home directory names from lines with duplicate hashes - not
the hashes themselves.  This would be more code, specifically because
there's currently a limit on the number of GECOS words per hash that
John would process (that's because "single crack" tries those words in
pairs and this quickly gets expensive), but maybe it's worth it.

> Should I have attached sample john.pot/john.conf/password files?

No.  You would have exceeded the maximum allowed message size for this
mailing list (currently at 40 KB), although I'm sure that some people
would have loved a copy of your password files otherwise. ;-)

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
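The loader behaviour discussed above, as an added illustration that is not part of the original message and not John the Ripper's own code: it counts loaded lines against unique hashes (the two figures the thread compares), and keeps the usernames, GECOS words and home directory names from lines that share a hash so that dropping the duplicate hash loses nothing the "single crack" pass would use. The password lines and hash values are constructed placeholders, and the per-hash GECOS word cap is a hypothetical stand-in for John's limit.

```python
from collections import OrderedDict

# Constructed sample in passwd-style form: user:hash:uid:gid:gecos:home:shell.
# Three accounts share one hash and two share another; the hashes are placeholders.
SAMPLE = """\
alice:$1$aaaaaaaa$HASHPLACEHOLDER1:1001:1001:Alice Example,Room 12:/home/alice:/bin/sh
bob:$1$bbbbbbbb$HASHPLACEHOLDER2:1002:1002:Bob Builder:/home/bob:/bin/sh
carol:$1$aaaaaaaa$HASHPLACEHOLDER1:1003:1003:Carol Jones:/home/carol:/bin/sh
dave:$1$bbbbbbbb$HASHPLACEHOLDER2:1004:1004:Dave:/home/dave:/bin/sh
eve:$1$aaaaaaaa$HASHPLACEHOLDER1:1005:1005::/export/eve:/bin/sh
"""

# Hypothetical cap standing in for John's per-hash limit on GECOS words
# (the thread notes "single crack" tries word pairs, so the cost grows quickly).
MAX_GECOS_WORDS = 8


def parse(text):
    """Yield (user, hash, gecos_words, home) for each well-formed, non-locked line."""
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 7 or fields[1] in ("", "*", "x", "!"):
            continue  # malformed, shadowed or locked entry: nothing to load
        user, pw_hash, gecos, home = fields[0], fields[1], fields[4], fields[5]
        words = gecos.replace(",", " ").split()
        yield user, pw_hash, words, home


def load(text, max_gecos_words=MAX_GECOS_WORDS):
    """Return (lines_loaded, unique_hashes, table).

    table maps each distinct hash to the merged seed words collected from
    every line carrying it, so duplicates contribute words but not hashes."""
    table = OrderedDict()
    total = 0
    for user, pw_hash, words, home in parse(text):
        total += 1
        entry = table.setdefault(pw_hash, {"users": [], "gecos": [], "homes": []})
        entry["users"].append(user)
        for w in words:
            if w not in entry["gecos"] and len(entry["gecos"]) < max_gecos_words:
                entry["gecos"].append(w)
        base = home.rstrip("/").rsplit("/", 1)[-1]  # last path component only
        if base and base not in entry["homes"]:
            entry["homes"].append(base)
    return total, len(table), table
```

With the sample above, `load(SAMPLE)` reports 5 lines loaded but only 2 unique hashes, which is the same kind of gap as the 62788 vs. 61575 figures in the thread.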
