Date: Wed, 23 Jan 2008 03:51:16 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: few passwords cracked (was: different formats..)

On Tue, Jan 22, 2008 at 06:13:54PM -0500, Steve ...... wrote:
> lynx@box:~/*****/big$ john --format=MD5 bigshadow
> Loaded 1192 passwords with 1191 different salts (FreeBSD MD5 [32/32])
> lynx@box:~/******$ john --format=MD5 smallshadow
> Loaded 670 passwords with 670 different salts (FreeBSD MD5 [32/32])

Yes, it is a bit weird that only 27 passwords got cracked in 15 hours.

> I noticed it says FreeBSD MD5 when these are not in fact from a FreeBSD box,
> but that always has happened, nothing new there.. just a thought.

This is normal. This hashing method was originally developed by Poul-Henning Kamp for FreeBSD, but later picked up by most Linux distributions (via its addition to Linux-PAM and GNU libc), Cisco IOS, and some others. FWIW, I first added its support to JtR in 1997, and the string "FreeBSD MD5" in version 1.5 released in 1998.

> ... 1191 different salts sounds bad?

It sounds about right for this hash type and for properly configured systems. You shouldn't expect a lot of matching salts when the "salt space" is large (in this case, it is 48-bit).

> I assume the same box the same salts?

No idea what you mean here.

> maybe it's cause I'm missing passwd?

No. (Assuming that you're referring to your use of shadow files only.)

Since some of your hashes are clearly not being loaded for cracking, you do need to use the "--format=..." option. I'd start by trying "--format=des" - this will likely get other hashes loaded, and get many of them cracked.

As to your MD5-based hashes, those do appear to be mostly strong. That said, 15 hours is not a lot of time for these relatively slow hashes and for the large number of different salts, so chances are that more passwords will get cracked if you let JtR run for longer.

--
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
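
The points made in the message above (mixed hash types in one shadow file, and how rarely salts repeat in a 48-bit salt space) can be checked with a short audit script. This is an added example, not part of the original message and not John the Ripper code; the sample entries are constructed and are not real hashes, the function names are hypothetical, and the 12-bit salt size used for traditional DES-based crypt is background knowledge rather than something stated in the message.

```python
import re
from collections import defaultdict

B64 = r"[./0-9A-Za-z]"  # crypt(3) base-64 alphabet, 6 bits per character
# md5crypt: $1$<salt, up to 8 chars = 48 bits>$<22-char hash>
MD5_RE = re.compile(rf"^\$1\$({B64}{{1,8}})\$({B64}{{22}})$")
# Traditional DES-based crypt: 2 salt chars (12 bits) + 11 hash chars
DES_RE = re.compile(rf"^({B64}{{2}})({B64}{{11}})$")

def classify(hash_field):
    """Return (scheme, salt) for the password field of one shadow entry."""
    m = MD5_RE.match(hash_field)
    if m:
        return "md5crypt", m.group(1)
    m = DES_RE.match(hash_field)
    if m:
        return "descrypt", m.group(1)
    return "other", None  # locked ("*", "!"), empty, or a scheme not handled here

def summarize(lines):
    """Map scheme -> (number of hashes, number of distinct salts)."""
    salts = defaultdict(list)
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 2:
            continue  # not a shadow-style entry
        scheme, salt = classify(fields[1])
        salts[scheme].append(salt)
    return {s: (len(v), len({x for x in v if x is not None}))
            for s, v in salts.items()}

def expected_salt_collisions(n, salt_bits):
    """Expected number of equal-salt pairs among n uniformly random salts."""
    return n * (n - 1) / 2 / 2 ** salt_bits

# Constructed sample entries (placeholder hash strings, not real hashes)
SAMPLE = [
    "alice:$1$abcdefgh$0123456789ABCDEFGHIJKL:13900:0:99999:7:::",
    "bob:$1$ijklmnop$MNOPQRSTUVWXYZabcdefgh:13900:0:99999:7:::",
    "carol:$1$abcdefgh$ijklmnopqrstuvwxyz./01:13900:0:99999:7:::",
    "dave:ab0123456789A:13900:0:99999:7:::",
    "erin:cdBCDEFGHIJKL:13900:0:99999:7:::",
    "daemon:*:13900:0:99999:7:::",
    "frank:!:13900:0:99999:7:::",
]

if __name__ == "__main__":
    for scheme, (count, distinct) in summarize(SAMPLE).items():
        print(f"{scheme}: {count} hashes, {distinct} distinct salts")
    print(expected_salt_collisions(1192, 48), expected_salt_collisions(1192, 12))
```

For 1192 hashes the expected number of matching salt pairs is far below one with 48-bit salts, whereas the same count with 12-bit salts would give well over a hundred matching pairs.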