Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Mar 2018 16:51:13 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John The Ripper Detailed Outputs

On Mon, Mar 26, 2018 at 01:35:29PM +0000, kaan denizer wrote:
> I am giving john the ripper a file which contains hashes of password which
> may contain duplicate hashes.
> 
> I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
> 3.200c/s 70227C/s 123456789..abc123"
> 
> Which represents the total number of *unique* passwords cracked over time.

None of these figures are guaranteed to represent that.  Whether JtR
even loads the duplicate hashes or not may vary by matching salts vs.
not and by cracking mode.  To get the full list of cracked passwords,
including duplicate passwords (if for different lines in the original
password hash files - such as for different usernames), use "--show".

> My question is "Is There a Way to get *total* number of passwords *(which
> contains duplicate password counts as well)* cracked over time from jonh's
> output?"

In general no, because JtR itself might not know that number if it
didn't even load the duplicate hashes (in case the salts matched, too -
or in case of unsalted hash types).

In specific cases, yes:

When running "single crack" or batch mode (no cracking mode requested),
which includes "single crack" as a first step, JtR always loads all
hashes (even the duplicates), and then the guess count ("2g" in your
example) and the guess rate ("1.600g/s" in your example) correspond to
the total you ask for (including duplicates).

You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in
jumbo, to achieve the same effect as above for all cracking modes.

But then there's "--fork", which may in some cracking modes (such as
wordlist with rules) result in duplicate guesses by the different child
processes, so the reported guess count might even be higher than the
total number of hashes (including duplicates).  So the above two
specific cases are only suitable for your needs when not using "--fork",
or when you do use "--fork" then only with cracking modes that never
produce duplicate candidate passwords (such as "--incremental" mode).

My advice is that you do not rely on this status line for anything
important.  It's a rough indication of progress.  If you need complete
results of cracking, use "--show".

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ