Date: Wed, 13 Jan 2010 20:49:55 +0100
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: Re: getting started, unix_crypt hashes
On 2010-01-13 at 19:49, Paul Needham wrote:
> I noticed if I press the "-" key on my keyboard it gives me some
> feedback on what JtR is doing
In fact, ANY key will do, see:
http://www.openwall.com/john/doc/
"While cracking, you can press any key for status, or Ctrl-C to abort
the session"
> I was a little unsure as to what the "-" related information is
> actually telling me, so could anyone confirm my assumptions, and
> possibly clarify where I am unsure:
>
> guesses: 0 - ?
* John hasn't cracked a single hash in this session (yet).
> time: 0:00:00:09 - I expect this is how long the attempted crack
> has been running for?
* I don't know for sure, but I believe this is CPU time, not real
time. Unless you're running other high load processes, this shouldn't
make much of a difference though.
> (3) - ?
* John is already at pass 3, so it has completed "--single" and
"--wordlist" with no success and is now running "--incremental".
http://www.openwall.com/john/doc/OPTIONS.shtml
"If [...] no options are given, John will go through the default
selection of cracking modes with their default settings."
> c/s: 489829 - ?
* John is trying 489,829 password candidates per second on your
machine (for "Traditional DES" hashes).
> trying: doneh - dorny - I expect this is the current attempted
> cracks John is trying against the hash?
Yes.
> For anyone who has successfully cracked a password using the tool,
> when JtR cracks 1 of the password hashes, does it inform the end-user?
Yes, the password is displayed along with the username (in parentheses).
> Or do we need to periodically enter a command to see what has been
> cracked, and what the tool is still working on.
No, but you can show already cracked passwords by opening a second
cmd.exe window and issuing:
john etcshadow --show
(Which doesn't really make sense until john has cracked the first
hash, obviously.)
> The other thing I wondered, is has JTR been developed so that if it
> detects the hashes are the traditional unix_crypt, will it keep the
> crack combinations <=8 characters long, as to my knowledge such
> passwords can't exceed 8 characters, therefore attempting a 10
> character string would be a pointless exercise? Or do I need to
> tailor the settings to suit possibilities of unix_crypt passwords?
> If so could you offer any tips? I guess the obvious one would be
> formulating a word list only consisting of words or phrases of <=8
> characters long.
Running ...
grep -m1 "PLAINTEXT_LENGTH" .DES_fmt.c
... in john's SRC directory shows:
#define PLAINTEXT_LENGTH 8
So, yes, "Traditional DES" passwords are limited to 8 characters,
longer candidates are either truncated or rejected (I don't know
which it is).
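
Added example, not part of the original message or of John the Ripper itself: a small parser for the status line discussed above, useful when logging audit progress from a script. The sample line is constructed from the field values quoted in the thread; its exact spacing and the reading of the time field as days:hours:minutes:seconds are assumptions.

```python
import re

# Pass numbers as explained in the reply: with no options John runs
# "single", then "wordlist", then "incremental".
PASS_MODES = {1: "single", 2: "wordlist", 3: "incremental"}

# Fields in the order quoted in the thread. The "(N)" pass marker and the
# "trying:" part are optional so that partial lines still parse.
STATUS_RE = re.compile(
    r"guesses:\s*(?P<guesses>\d+)\s+"
    r"time:\s*(?P<d>\d+):(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)"
    r"(?:\s+\((?P<pnum>\d+)\))?\s+"
    r"c/s:\s*(?P<cps>\d+)"
    r"(?:\s+trying:\s*(?P<first>\S+)(?:\s+-\s+(?P<last>\S+))?)?"
)


def parse_status(line):
    """Return a dict describing one status line, or None if it does not match."""
    m = STATUS_RE.search(line)
    if m is None:
        return None
    # Assumption: the time field is days:hours:minutes:seconds.
    seconds = (int(m["d"]) * 86400 + int(m["h"]) * 3600
               + int(m["m"]) * 60 + int(m["s"]))
    pnum = int(m["pnum"]) if m["pnum"] else None
    cps = int(m["cps"])
    trying = (m["first"], m["last"] or m["first"]) if m["first"] else None
    return {
        "guesses": int(m["guesses"]),          # hashes cracked so far
        "time_seconds": seconds,
        "pass": pnum,
        "mode": PASS_MODES.get(pnum),          # None if no pass marker
        "candidates_per_second": cps,
        "trying": trying,                      # current candidate range
        # Rough estimate only: rate multiplied by the reported time.
        "approx_candidates_tested": cps * seconds,
    }


if __name__ == "__main__":
    # Constructed sample line using the values quoted in the thread.
    sample = "guesses: 0  time: 0:00:00:09 (3)  c/s: 489829  trying: doneh - dorny"
    for key, value in parse_status(sample).items():
        print(f"{key}: {value}")
```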