Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 28 Dec 2008 21:49:07 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: large pot and --show problem

On Sun, Dec 28, 2008 at 02:34:42AM +0000, Ruben Lara wrote:
> Password file is about 55 MB, to burte force it take ~3 hours,

Of course, it's "3 hours" for a specific kind of attack only.  "Brute
force" can mean too many different things, which is why I avoid using
these words.

> and --show never end :P, well i get it running about 3 days, and continue...
...
> Tasks:  53 total,   3 running,  50 sleeping,   0 stopped,   0 zombie
> Cpu(s):  4.7%us,  3.7%sy,  0.0%ni,  0.0%id, 91.3%wa,  0.3%hi,  0.0%si,  0.0%st
> Mem:    516480k total,   511476k used,     5004k free,      212k buffers
> Swap:   996020k total,   382872k used,   613148k free,    13344k cached
>  
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  2579 bermejo   20   0  575m 325m  348 R  0.7 64.5   0:15.28 john

Well, from your "top" output we can see that your system is mostly
waiting for disk I/O to complete ("91.3%wa"), and that it is running out
of memory (RAM).  The virtual memory usage is around 855 MB, of which
around 575 MB is by the "john" process, yet the "john" process can only
get around 325 MB of RAM (out of your 512 MB) for itself.

This means that you definitely need more RAM.  Perhaps upgrading from
512 MB to 1 GB would be sufficient to make this command complete in
under an hour.

This also means that you have other processes running that actively use
memory (can't just be swapped out and sit in swap), and this prevents
"john" from getting more RAM for itself.  Perhaps if you run it on an
otherwise unused system, it'll be able to get something like 450-500 MB
RAM for itself, which will be much closer to the 575 MB that it needs.
So swap activity will be a lot less.  Then maybe the command will
complete in a few hours.

You may also add the "--save-memory=3" option.  Normally, this would
only make JtR slower, but since in your case the system is using the
swap a lot this option could make it faster as the swap activity will be
reduced a bit.

Of course, the real fix is upgrading your RAM for dealing with your
400 MB large pot file - or you may replace the entire computer to avoid
having to buy obsolete and over-priced DDR1 memory (which is probably
what you have).  If you do the latter, then I recommend that you go for
a quad-core Core 2 based processor, a 64-bit Linux system, and 2+ GB of
RAM (JtR, as well as other programs, are more memory-hungry on 64-bit,
so 1 GB might not be enough for your use).

>  using_dma     =  1 (on)
> Look like, it's ok, it's all very strange :/

Yes, your disk is OK, although having this much swap activity for days
might kill the disk sooner than you like.

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ