Date: Sat, 17 Feb 2007 16:56:43 -0600
From: RB <>
Subject: Re: johns running for two weeks

> I am only trying to crack one Linux password.
Unfortunately, cracking passwords is not guaranteed within a
reasonable time with any publicly available cracker, only more
probable.  If the target password is sufficiently strong,
probabilities are that you'll never get it.  For example - I have a
system holding the fastest published benchmark for John (Xeon 5160);
every 30 days, I generate 15 candidate passwords of 12-15 characters
(for the peanut gallery, yes - my password hashes do start with '$2$')
apiece, and start cracking them.  30 days later, I pick my next
password randomly from those that resisted 30 days of crunching.

John is designed to try password candidates in order of statistical
probability.  As summarized from the EXAMPLES file (you did read that,
didn't you?), a vanilla run of JTR will iterate through single,
wordlist + rules, and finally incremental modes.  The parenthetical
number you see after the time (3, in your case) indicates it's on its
3rd automatic phase, or incremental.  The "c/s" statement is explained
in the FAQ (you read that too, right?) - combinations of username +
password per second.

Incremental mode may well go back to statistically less likely,
shorter passwords after it has tried more likely longer ones - thanks
to Solar's hard work on analyzing character frequencies, it will try
'deadbeef' long before it will try '++++'.  All that to say, shorter
doesn't mean anything - they're statistically less probable.

By the way - unless you're doing something funny with process
scheduling, you really don't need to do the whole 'sudo' or even
'nice' bits - JTR will quite happily consume all processor possible.

Rainbow cracking trades off flexibility and storage space for cracking
speed.  Works against Windows machines, but not so for *IX.
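
The point above about incremental mode, that a longer but statistically likely candidate such as 'deadbeef' is reached before a shorter unlikely one such as '++++', can be illustrated with a toy model. This is an added example, not part of the original message and not John the Ripper's code or its actual statistics: it assumes a simple per-character frequency model, a constructed training list, and an arbitrary smoothing constant.

```python
import math
from collections import Counter

# Constructed training sample (not real leaked data, not John's charset files).
TRAINING = ["password", "dragon", "baseball", "freedom", "abcdef", "feedback",
            "decade", "shadow", "badge", "coffee", "beard", "faded"]

ALPHABET = [chr(c) for c in range(0x20, 0x7f)]  # 95 printable ASCII characters
END = "\0"      # end-of-password marker, so different lengths are comparable
ALPHA = 0.1     # additive smoothing for unseen symbols (assumed value)


def train(words):
    """Return per-symbol probabilities, END included, that sum to 1."""
    counts = Counter()
    for w in words:
        counts.update(w)
        counts[END] += 1
    symbols = ALPHABET + [END]
    total = sum(counts[s] for s in symbols) + ALPHA * len(symbols)
    return {s: (counts[s] + ALPHA) / total for s in symbols}


MODEL = train(TRAINING)


def cost_bits(candidate, model=MODEL):
    """-log2 P(candidate); a most-probable-first search reaches low costs sooner."""
    try:
        return -sum(math.log2(model[ch]) for ch in candidate + END)
    except KeyError as exc:
        raise ValueError(f"character outside the modelled alphabet: {exc}") from None


def rank(candidates, model=MODEL):
    """Order candidates the way a most-probable-first search would try them."""
    return sorted(candidates, key=lambda c: cost_bits(c, model))


if __name__ == "__main__":
    for pw in rank(["++++", "deadbeef", "dead", "Xq7#"]):
        print(f"{pw!r:12} length={len(pw):2}  cost={cost_bits(pw):5.1f} bits")
```

Under this model the cost of a password is set by how common its characters are, so length alone says little about how long it survives a probability-ordered search.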
