Date: Sun, 19 Mar 2006 22:40:12 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: john the ripper output On Wed, Mar 15, 2006 at 09:19:30AM +0000, Hari Sekhon wrote: > I find that john --show passwdfile works best. This is what you're supposed to be using. In fact, it's the only documented way to obtain the cracked passwords. > The john.pot and john.log > don't give useful information pairings of username/passwords. john.pot > holds passwords and hashes, which is fine to look at if the username is > the same as the password but a bit of a guessing game otherwise... john.pot is a file that John uses internally. It is machine-friendly, not human-friendly. "john --show" may also display more cracked users (e.g., if the same password hash is shared for several users, john.pot may have it listed only once, but "john --show" will display the password for all of the affected users) and it will combine any partial hashes (those are stored in john.pot on separate lines). The output of John while it is running may also not include all of the cracked passwords, so you should not be relying on it for that. In particular, this may happen when the same password hash is shared for multiple users and you're running John in other than "single crack" or batch modes. In those cases, John would simply not load the duplicate instances of the hash for cracking - yet a subsequent "john --show" run would correctly display all of the users whose passwords get cracked. > Ps. It would be better if john sent it's output as it's going along the > same way that most unix programs do Actually, John works _exactly_ the same way that most other Unix programs do. This buffering of program output is performed by most C libraries, and programs have to explicitly ask the library to not buffer their output or to line-buffer it (instead of buffering fixed amounts of data) if they want to. Most programs don't change the default. Maybe John should be explicitly line-buffering its standard output, although that would slow things down in those special cases when John produces a lot of output (successfully cracking thousands of passwords per second). > so that I could do > > ./john passwdfile > john.progressfile 2>&1 & > > and then just tail -f the john.progressfile. Or even better to nohup > john and then you could log off/close ssh session etc and ssh back into > it some time/days later and do the tail -f... This has already been suggested: use GNU screen. You do need to use "john --show" to get at the actual cracked passwords anyway. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.