Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Jan 2010 18:49:23 +0000
From: Paul Needham <>
To: <>
Subject: getting started, unix_crypt hashes

I have a few questions for the john-users mailing list in relation to both JtR operation, and function.
I imported a set of unix_crypt hashes into JtR, having ran the unshadow command to merge the /etc/passwd and /etc/shadow files. Considering this was the first time I had ran JtR, I was concerned when JtR seemed to just pause/freeze after importing the hashes, almost as if it was expecting an additional command. So I was unsure if the process was working. However, I noticed if I press the "-" key on my keyboard it gives me some feedback on what JtR is doing, as shown below:
C:\Documents and Settings\********\Desktop\john-\run>john etcshadow
Loaded 7 password hashes with 7 different salts (Traditional DES [128/128 BS SSE
 guesses: 0  time: 0:00:00:09 (3)  c/s: 489829  trying: doneh - dorny
I was a little unsure as to what the "-" related information is actually telling me, so could anyone confirm my assumptions, and possibly clarify where I am unsure:
guesses: 0 - ?
time: 0:00:00:09 - I expect this is how long the attempted crack has been running for?
(3) - ?
c/s: 489829 - ?
trying: doneh - dorny - I expect this is the current attempted cracks John is trying against the hash?
For anyone who has successfully cracked a password using the tool, when JtR cracks 1 of the password hashes, does it inform the end-user? Or do we need to periodically enter a command to see what has been cracked, and what the tool is still working on.
The other thing I wondered, is has JTR been developed so that if it detects the hashes are the traditional unix_crypt, will it keep the crack combinations <=8 characters long, as to my knowledge such passwords cant exceed 8 characters, therefore attempting a 10 character string would be a pointless exercise?  Or do I need to tailor the settings to suit possibilities of unix_crypt passwords? If so could you offer any tips? I guess the obvious one would be formulating a word list only consisting of words or phrases of <=8 characters long. 
Anyway, I am currently working my way through the /docs/ provided with the Windows build I donwloaded, so hopefully all will become clear in there, however anything additional anyone wants to add or confirm would be much appreciated. 
Do you have a story that started on Hotmail? Tell us now

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.