Date: Tue, 30 Aug 2005 21:02:35 +0200 From: "Frank Dittrich" <frank_dittrich@...mail.com> To: john-users@...ts.openwall.com Subject: Re: trivial parallel processing (4 CPUs) Stephen Cartwright wrote: >Breaking the password file apart randomly causes duplicate salts >to be used across the password files, but what if you broke the >password file apart based upon salt? That's certainly a better alternative. You could even collect the most frequently used salts of uncracked passwords (after running single crack mode and simple password rules) into a separate password file. Since the number of different salts is smaller, you'll be able to test a larger part of the search space on these hashes. >Then for every salt, there would only be 1 set of passwords still. Right, except for a few somewhat broken password algorithms, see comments regarding bigcrypt. >Another thing I am wondering about is how does John crack partial >passwords? >Many passwords have just two or three characters cracked. That's caused by the way bigcrypt works. Instead of restrictinc the significant password length to 8 characters, bigcrypt calculates a hash using "Traditional DES" and a 2 character hash. If the password is longer than 8 characters, the remaining characters of the password (starting from offset 8) are encrypted separately (again using "Traditional DES", the salt, however, is composed of the first 2 characters of the hash computed from the first part of the password). That's why, the bigcrypt hash QpwuMaH29uXKkXXs6n5D01vg (from your previous mail) can be split into 2 DES hashes QpwuMaH29uXKk is the hash for the first part of your password (8 characters) wuXXs6n5D01vg is the hash of the second part of your password (2 characters, which we know because the "password" of length 2 has been easily cracked. >However I thought that with a hash, the output varies widely >depending on the input. For bigcrypt, you have 2 separate hashes which can be cracked individually. That also means, you shouldn't just split all your bigcrypt hashes into individual password files. Instead, you could split each bigcrypt hash into 2 DES hashes after trying single crack mode on the bigcrypt password file. $ cut --fields=2 --delimiter=":" pw_bigcrypt | cut --bytes=1-13 \ >| grep -n "." >> bigcrypt.part1 $ cut --fields=2 --delimiter=":" pw_bigcrypt | cut --bytes=3-4,14- \ >| grep -n "." >> bigcrypt.part2 Splitting the part 1 and 2 does only make sense because it's much more likely that shorter "passwords" will have been used here and that part 1 of the passwords could more likely be cracked using wordlists and --rules. For incremental mode, you should combine these and then split based on the DES hash. For john --show, it doesn't matter whether you use pw_bigcrypt (john will try to compose the complete passwords from the parts which have beeen cracked) or bigcrypt.part1/2 (john will report dummy user names (the line numbers from "grep -n") - the same applies for cracked passwords (command line and log file)). Regards, Frank
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.