Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 07 Mar 2007 15:52:20 +0100
From: antares <antares@....ch>
To: john-users@...ts.openwall.com
Subject: Re: LM an NTLM combination

> Please try with the older NTLM patch that
> is a part of the jumbo patch -
> 
> 	http://www.openwall.com/john/contrib/john-1.7.2-all-2.diff.gz
> 
> and let the list know of your results.

This time, using the jumbo patch, subsequent executions did NOT lead to
new guesses, as it should be. :)

Conclusion:


Wordlist out of the LM pot with "--show | cut -d: -f2 > wordlist"
(unsorted, not unique, with unfinished "passwords" (unknown letters
presented by "?"))

wordlist length: 2227 lines
smooth would be: 1628 lines
(with "tr A-Z a-z < wordlist | sort -u > smooth)

But in order to be comparable to the original situation, I did not use
"smooth" but "wordlist" in all runs.
The state before the first run was:
-same wordlist and passwd files
-no john.pot, john.log, john.rec in the directory

"john-1-7-2" with "john-1.7.2-ntlm-alainesp-4.diff"
First run: 1459 guesses
Second run: 65 guesses
Third run: 0 guesses
Some more: 0 guesses

"john-1-7-2" with "john-1.7.2-all-2.diff.gz"
First run: 1546 guesses
Second run: 0 guesses
Some more: 0 guesses

There may be really a bug... interesting is also, that the jumbo patch
lead to 22 guesses in addition to the sum of the first and second run
with the ntlm patch.

> ...although 1 minute feels a
> bit excessive - what hardware are you on, how many cracked LM hashes do
> you have in your john.pot?

I use an aged P4 2 GHz for testing... And another instance of john is
running on the LM hashes (and some calculation for my thesis too)
So the time is not very meaningful...

Thank you and kind regards
antares




-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.