Date: Sat, 23 Sep 2006 05:43:07 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Loaded # of password hashes in batch mode On Fri, Sep 22, 2006 at 10:04:37PM +0200, Frank Dittrich wrote: > The number of different password hashes which is reported on stdout > and in the log file is somewhat confusing. Yes, those numbers can be confusing in multiple ways. I'm not sure how to fix that. I don't think that replacing the one-line messages with long paragraphs of explanatory text would make things any better - at least not for all users of John. I've been considering adding a novice vs. expert john.conf setting that would default to novice resulting in verbose messages being printed. Does this sound like a good idea? I'm afraid that verbose messages may scare people, though - why mention some "duplicate hashes" when someone is just learning how to use the program? > Looks like john reports the number of (loaded/remaining) hashes for > single mode when running in batch mode, even if the single mode step > has been completed. > 62788/61575 and 27857/27446 are the nubers of total and uncracked > hashes, including/excluding duplicates. That's correct and it's the intended behavior. > For single mode or when using john --show, it is reasonable to report > the total number of hashes including duplicate hashes due to > different user names... - even if it is not mentioned in the > documentation. (I just grepped the doc directory.) Yes. I'm not sure what part of the documentation this belongs to. Maybe the FAQ, if there would actually be frequent questions on that. > But once the --single step is completed, john should IMHO report > the number of unique hashes (loaded/remaining), even when running > in batch mode. I'm not sure. It would mean that the number of loaded hashes would change from a mere interrupt and restoration of a session. Wouldn't that be even more confusing? However, there's another reason to follow your suggestion and actually not load duplicate hashes when past the "single crack" pass in batch mode - the memory savings and slightly better performance possible with fewer hashes loaded. The reported effective c/s rate would be lower, though, since it won't take the dropped duplicate hashes into account. Maybe an even better fix would be to load just the usernames, GECOS words, and home directory names from lines with duplicate hashes - not the hashes themselves. This would be more code, specifically because there's currently a limit on the number of GECOS words per hash that John would process (that's because "single crack" tries those words in pairs and this quickly gets expensive), but maybe it's worth it. > Should I have attached sample john.pot/john.conf/password files? No. You would have exceeded the maximum allowed message size for this mailing list (currently at 40 KB), although I'm sure that some people would have loved a copy of your password files otherwise. ;-) Thanks, -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ