Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 17 Feb 2007 16:56:43 -0600
From: RB <aoz.syn@...il.com>
To: john-users@...ts.openwall.com, christopher.lemire@...il.com
Subject: Re: johns running for two weeks

> I am only trying to crack one Linux password.
Unfortunately, cracking passwords is not guaranteed within a
reasonable time with any publicly available cracker, only more
probable.  If the target password is sufficiently strong,
probabilities are that you'll never get it.  For example - I have a
system holding the fastest published benchmark for John (Xeon 5160);
every 30 days, I generate 15 candidate passwords of 12-15 characters
(for the peanut gallery, yes - my password hashes do start with '$2$')
apiece, and start cracking them.  30 days later, I pick my next
password randomly from those that resisted 30 days of crunching.

John is designed to try password candidates in order of statistical
probability.  As summarized from the EXAMPLES file (you did read that,
didn't you?), a vanilla run of JTR will iterate through single,
wordlist + rules, and finally incremental modes.  The parenthetical
number you see after the time (3, in your case) indicates it's on it's
3rd automatic phase, or incremental.  The "c/s" statement is explained
in the FAQ (you read that too, right?) - combinations of username +
password per second.

Incremental mode may well go back to statistically less likely,
shorter passwords after it has tried more likely longer ones - thanks
to Solar's hard work on analyzing character frequencies, it will try
'deadbeef' long before it will try '++++'.  All that to say, shorter
doesn't mean anything - they're statistically less probable.

By the way - unless you're doing something funny with process
scheduling, you really don't need to do the whole 'sudo' or even
'nice' bits - JTR will quite happily consume all processor possible.

Rainbow cracking trades off flexibility and storage space for cracking
speed.  Works against for Windows machines, but not so for *IX.

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.