Date: Mon, 20 Mar 2006 10:36:07 +0000 From: Hari Sekhon <harisekhon@...il.com> To: john-users@...ts.openwall.com Subject: getting cracking speed info with nohup When running nohup ./john passwdfile &, how can I found out the speed of the cracking the way you can when you just run ./john passwdfile and press enter to see what it is trying and how many combinations a second is is doing..? I'm interested because I'm running hashes on two machines, a lame Via 1Ghz and my own Athlon XP 2200. Solar Designer wrote: > On Wed, Mar 15, 2006 at 09:19:30AM +0000, Hari Sekhon wrote: > >> I find that john --show passwdfile works best. >> > > This is what you're supposed to be using. In fact, it's the only > documented way to obtain the cracked passwords. > > >> The john.pot and john.log >> don't give useful information pairings of username/passwords. john.pot >> holds passwords and hashes, which is fine to look at if the username is >> the same as the password but a bit of a guessing game otherwise... >> > > john.pot is a file that John uses internally. It is machine-friendly, > not human-friendly. "john --show" may also display more cracked users > (e.g., if the same password hash is shared for several users, john.pot > may have it listed only once, but "john --show" will display the > password for all of the affected users) and it will combine any partial > hashes (those are stored in john.pot on separate lines). > > The output of John while it is running may also not include all of the > cracked passwords, so you should not be relying on it for that. In > particular, this may happen when the same password hash is shared for > multiple users and you're running John in other than "single crack" or > batch modes. In those cases, John would simply not load the duplicate > instances of the hash for cracking - yet a subsequent "john --show" run > would correctly display all of the users whose passwords get cracked. > > >> Ps. It would be better if john sent it's output as it's going along the >> same way that most unix programs do >> > > Actually, John works _exactly_ the same way that most other Unix > programs do. This buffering of program output is performed by most C > libraries, and programs have to explicitly ask the library to not buffer > their output or to line-buffer it (instead of buffering fixed amounts of > data) if they want to. Most programs don't change the default. > > Maybe John should be explicitly line-buffering its standard output, > although that would slow things down in those special cases when John > produces a lot of output (successfully cracking thousands of passwords > per second). > > >> so that I could do >> >> ./john passwdfile > john.progressfile 2>&1 & >> >> and then just tail -f the john.progressfile. Or even better to nohup >> john and then you could log off/close ssh session etc and ssh back into >> it some time/days later and do the tail -f... >> > > This has already been suggested: use GNU screen. > > You do need to use "john --show" to get at the actual cracked passwords > anyway. > >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.