Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jan 2010 20:49:55 +0100
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: Re: getting started, unix_crypt hashes

Am 2010-01-13 um 19:49 schrieb Paul Needham:

> I noticed if I press the "-" key on my keyboard it gives me some  
> feedback on what JtR is doing
In fact, ANY key will do, see:
http://www.openwall.com/john/doc/
"While cracking, you can press any key for status, or Ctrl-C to abort  
the session"

> I was a little unsure as to what the "-" related information is  
> actually telling me, so could anyone confirm my assumptions, and  
> possibly clarify where I am unsure:
>
> guesses: 0 - ?
* John hasn't cracked a single hash in this session (yet).

> time: 0:00:00:09 - I expect this is how long the attempted crack  
> has been running for?
* I don't know for sure, but I believe this is CPU time, not real  
time. Unless you're running other high load processes, this shouldn't  
make much of a difference though.

> (3) - ?
* John is already at pass 3, so it has completed "--single" and "-- 
wordlist" with no success and is now running "--incremental".

http://www.openwall.com/john/doc/OPTIONS.shtml
"If [...] no options are given, John will go through the default  
selection of cracking modes with their default settings."

> c/s: 489829 - ?
* John is trying 489,829 password candidates per second on your  
machine (for "Traditional DES" hashes).

> trying: doneh - dorny - I expect this is the current attempted  
> cracks John is trying against the hash?
Yes.

> For anyone who has successfully cracked a password using the tool,  
> when JtR cracks 1 of the password hashes, does it inform the end-user?
Yes, the password is displayed along with the username (in parentheses).

> Or do we need to periodically enter a command to see what has been  
> cracked, and what the tool is still working on.
No, but you can show already cracked passwords by opening a second  
cmd.exe window and issuing:
john etcshadow --show

(Which doesn't really make sense until john has cracked the first  
hash, obviously.)

> The other thing I wondered, is has JTR been developed so that if it  
> detects the hashes are the traditional unix_crypt, will it keep the  
> crack combinations <=8 characters long, as to my knowledge such  
> passwords cant exceed 8 characters, therefore attempting a 10  
> character string would be a pointless exercise?  Or do I need to  
> tailor the settings to suit possibilities of unix_crypt passwords?  
> If so could you offer any tips? I guess the obvious one would be  
> formulating a word list only consisting of words or phrases of <=8  
> characters long.

Running ...
grep -m1 "PLAINTEXT_LENGTH" .DES_fmt.c
... in john's SRC directory shows:
#define PLAINTEXT_LENGTH                8

So, yes, "Traditional DES" passwords are limited to 8 characters,  
longer candidates are either truncated or rejected (I don't know  
which it is).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.