Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Aug 2005 21:02:35 +0200
From: "Frank Dittrich" <>
Subject: Re: trivial parallel processing (4 CPUs)

Stephen Cartwright wrote:
>Breaking the password file apart randomly causes duplicate salts
>to be used across the password files, but what if you broke the
>password file apart based upon salt?

That's certainly a better alternative.
You could even collect the most frequently used salts of uncracked
passwords (after running single crack mode and simple password rules)
into a separate password file.
Since the number of different salts is smaller, you'll be able to
test a larger part of the search space on these hashes.

>Then for every salt, there would only be 1 set of passwords still.

Right, except for a few somewhat broken password algorithms,
see comments regarding bigcrypt.

>Another thing I am wondering about is how does John crack partial 
>Many passwords have just two or three characters cracked.

That's caused by the way bigcrypt works.
Instead of restrictinc the significant password length to 8
characters, bigcrypt calculates a hash using "Traditional DES" and a
2 character hash. If the password is longer than 8 characters, the
remaining characters of the password (starting from offset 8) are
encrypted separately (again using "Traditional DES", the salt,
however, is composed of the first 2 characters of the hash computed
from the first part of the password).

That's why, the bigcrypt hash QpwuMaH29uXKkXXs6n5D01vg
(from your previous mail) can be split into 2 DES hashes
is the hash for the first part of your password (8 characters)
is the hash of the second part of your password (2 characters, which
we know because the  "password" of length 2 has been easily cracked.

>However I thought that with a hash, the output varies widely
>depending on the input.

For bigcrypt, you have 2 separate hashes which can be cracked

That also means, you shouldn't just split all your bigcrypt hashes
into individual password files.
Instead, you could split each bigcrypt hash into 2 DES hashes
after trying single crack mode on the bigcrypt password file.

$ cut --fields=2 --delimiter=":" pw_bigcrypt | cut --bytes=1-13 \
>| grep -n "." >> bigcrypt.part1

$ cut --fields=2 --delimiter=":" pw_bigcrypt | cut --bytes=3-4,14- \
>| grep -n "." >> bigcrypt.part2

Splitting the part 1 and 2 does only make sense because it's much
more likely that shorter "passwords" will have been used here and
that part 1 of the passwords could more likely be cracked using
wordlists and --rules.

For incremental mode, you should combine these and then split
based on the DES hash.

For john --show, it doesn't matter whether you use pw_bigcrypt
(john will try to compose the complete passwords from the parts
which have beeen cracked) or bigcrypt.part1/2 (john will report
dummy user names (the line numbers from "grep -n") - the same
applies for cracked passwords (command line and log file)).


Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.