Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 20 Mar 2006 10:36:07 +0000
From: Hari Sekhon <>
Subject: getting cracking speed info with nohup

When running nohup ./john passwdfile &, how can I found out the speed of 
the cracking the way you can when you just run ./john passwdfile and 
press enter to see what it is trying and how many combinations a second 
is is doing..?

I'm interested because I'm running hashes on two machines, a lame Via 
1Ghz and my own Athlon XP 2200.

Solar Designer wrote:
> On Wed, Mar 15, 2006 at 09:19:30AM +0000, Hari Sekhon wrote:
>> I find that john --show passwdfile works best.
> This is what you're supposed to be using.  In fact, it's the only
> documented way to obtain the cracked passwords.
>> The john.pot and john.log 
>> don't give useful information pairings of username/passwords. john.pot 
>> holds passwords and hashes, which is fine to look at if the username is 
>> the same as the password but a bit of a guessing game otherwise...
> john.pot is a file that John uses internally.  It is machine-friendly,
> not human-friendly.  "john --show" may also display more cracked users
> (e.g., if the same password hash is shared for several users, john.pot
> may have it listed only once, but "john --show" will display the
> password for all of the affected users) and it will combine any partial
> hashes (those are stored in john.pot on separate lines).
> The output of John while it is running may also not include all of the
> cracked passwords, so you should not be relying on it for that.  In
> particular, this may happen when the same password hash is shared for
> multiple users and you're running John in other than "single crack" or
> batch modes.  In those cases, John would simply not load the duplicate
> instances of the hash for cracking - yet a subsequent "john --show" run
> would correctly display all of the users whose passwords get cracked.
>> Ps. It would be better if john sent it's output as it's going along the 
>> same way that most unix programs do
> Actually, John works _exactly_ the same way that most other Unix
> programs do.  This buffering of program output is performed by most C
> libraries, and programs have to explicitly ask the library to not buffer
> their output or to line-buffer it (instead of buffering fixed amounts of
> data) if they want to.  Most programs don't change the default.
> Maybe John should be explicitly line-buffering its standard output,
> although that would slow things down in those special cases when John
> produces a lot of output (successfully cracking thousands of passwords
> per second).
>> so that I could do
>> ./john passwdfile > john.progressfile 2>&1 &
>> and then just tail -f the john.progressfile. Or even better to nohup 
>> john and then you could log off/close ssh session etc and ssh back into 
>> it some time/days later and do the tail -f...
> This has already been suggested: use GNU screen.
> You do need to use "john --show" to get at the actual cracked passwords
> anyway.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.