Date: Sat, 17 Feb 2007 16:56:43 -0600 From: RB <aoz.syn@...il.com> To: john-users@...ts.openwall.com, christopher.lemire@...il.com Subject: Re: johns running for two weeks > I am only trying to crack one Linux password. Unfortunately, cracking passwords is not guaranteed within a reasonable time with any publicly available cracker, only more probable. If the target password is sufficiently strong, probabilities are that you'll never get it. For example - I have a system holding the fastest published benchmark for John (Xeon 5160); every 30 days, I generate 15 candidate passwords of 12-15 characters (for the peanut gallery, yes - my password hashes do start with '$2$') apiece, and start cracking them. 30 days later, I pick my next password randomly from those that resisted 30 days of crunching. John is designed to try password candidates in order of statistical probability. As summarized from the EXAMPLES file (you did read that, didn't you?), a vanilla run of JTR will iterate through single, wordlist + rules, and finally incremental modes. The parenthetical number you see after the time (3, in your case) indicates it's on it's 3rd automatic phase, or incremental. The "c/s" statement is explained in the FAQ (you read that too, right?) - combinations of username + password per second. Incremental mode may well go back to statistically less likely, shorter passwords after it has tried more likely longer ones - thanks to Solar's hard work on analyzing character frequencies, it will try 'deadbeef' long before it will try '++++'. All that to say, shorter doesn't mean anything - they're statistically less probable. By the way - unless you're doing something funny with process scheduling, you really don't need to do the whole 'sudo' or even 'nice' bits - JTR will quite happily consume all processor possible. Rainbow cracking trades off flexibility and storage space for cracking speed. Works against for Windows machines, but not so for *IX. -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.