Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 23 Jan 2008 03:51:16 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: few passwords cracked (was: different formats..)

On Tue, Jan 22, 2008 at 06:13:54PM -0500, Steve ...... wrote:
> lynx@box:~/*****/big$ john --format=MD5 bigshadow
> Loaded 1192 passwords with 1191 different salts (FreeBSD MD5 [32/32])
> lynx@box:~/******$ john --format=MD5 smallshadow
> Loaded 670 passwords with 670 different salts (FreeBSD MD5 [32/32])

Yes, it is a bit weird that only 27 passwords got cracked in 15 hours.

> I noticed it says FreeBSD MD5 when these are not infact from a FreeBSD box,
> but that alaways has happend nothing new there.. just a thought.

This is normal.  This hashing method was originally developed by
Poul-Henning Kamp for FreeBSD, but later picked up by most Linux
distributions (via its addition to Linux-PAM and GNU libc), Cisco IOS,
and some others.  FWIW, I first added its support to JtR in 1997, and
the string "FreeBSD MD5" in version 1.5 released in 1998.

> ... 1191 different salts sounds bad?

It sounds about right for this hash type and for properly configured
systems.  You shouldn't expect a lot of matching salts when the "salt
space" is large (in this case, it is 48-bit).

> I assume the same box the same salts?

No idea what you mean here.

> maybe its cause im missing passwd?

No.  (Assuming that you're referring to your use of shadow files only.)

Since some of your hashes are clearly not being loaded for cracking, you
do need to use the "--format=..." option.  I'd start by trying
"--format=des" - this will likely get other hashes loaded, and get many
of them cracked.

As to your MD5-based hashes, those do appear to be mostly strong.  That
said, 15 hours is not a lot of time for these relatively slow hashes and
for the large number of different salts, so chances are that more
passwords will get cracked if you let JtR run for longer.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.