Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 21 Dec 2012 20:56:10 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Creating Graphs from john.log

On 21 Dec, 2012, at 11:17 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> On 12/21/2012 12:00 AM, magnum wrote:
>> --mkpc=1		Decreases max keys per crypt to 1, so you can see
>> 			in log which exact rule caused a crack. This comes
>> 			with a performance penalty.
> 
> BTW, how hard would it be to add an option which doesn't change MKPC for
> the whole session, but remembers the current word and the current rule
> (or current --incremental or --markov state at the begin of a new
> MAX_KEYS_PER_CRYPT set of candidate passwords, and if after using this
> set of candidates any hashes have been cracked, then just re-run this
> particular set of MAX_KEYS_PER_CRYPT candidates with max keys per crypt = 1?
> Then, the status output could show the correct number of password
> candidates tried, and the log file could show the exact rule used in
> word list or single mode.
> If this can be done, the performance penalty for --mkpc=1 (plus a little
> overhead for trying the same set of candidates twice) only applies if at
> least 1 candidate among MAX_KEYS_PER_CRYPT candidates really cracked a
> password.


Modular code is a good thing but it makes this harder than that.

Wordlist (wordlist.c) has no notion of a key buffer. It just calls crk_process_key() for each candidate, after applying rules and filters. When that function returns, Wordlist goes on producing next candidate. Wordlist doesn't know or care about what happened during crk_process_key() except that if it returns true, we're requested to abort.

Cracker (cracker.c) on the other hand, does not know squat about base words, rules or filters. It just builds an array of ready-made candidates that are passed to it (from whoever) one at a time. When the array is full, Cracker calls the format's crypt_all() and cmp_*() functions. Cracker knows when a candidate produced a correct guess and handles that. Then control is returned to the caller.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.