Date: Wed, 13 Jan 2010 20:49:55 +0100
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: Re: getting started, unix_crypt hashes

On 2010-01-13 at 19:49, Paul Needham wrote:

> I noticed if I press the "-" key on my keyboard it gives me some
> feedback on what JtR is doing

In fact, ANY key will do, see:

http://www.openwall.com/john/doc/
"While cracking, you can press any key for status, or Ctrl-C to abort the session"

> I was a little unsure as to what the "-" related information is
> actually telling me, so could anyone confirm my assumptions, and
> possibly clarify where I am unsure:
>
> guesses: 0 - ?

* John hasn't cracked a single hash in this session (yet).

> time: 0:00:00:09 - I expect this is how long the attempted crack
> has been running for?

* I don't know for sure, but I believe this is CPU time, not real time. Unless you're running other high load processes, this shouldn't make much of a difference though.

> (3) - ?

* John is already at pass 3, so it has completed "--single" and "--wordlist" with no success and is now running "--incremental".

http://www.openwall.com/john/doc/OPTIONS.shtml
"If [...] no options are given, John will go through the default selection of cracking modes with their default settings."

> c/s: 489829 - ?

* John is trying 489,829 password candidates per second on your machine (for "Traditional DES" hashes).

> trying: doneh - dorny - I expect this is the current attempted
> cracks John is trying against the hash?

Yes.

> For anyone who has successfully cracked a password using the tool,
> when JtR cracks 1 of the password hashes, does it inform the end-user?

Yes, the password is displayed along with the username (in parentheses).

> Or do we need to periodically enter a command to see what has been
> cracked, and what the tool is still working on.

No, but you can show already cracked passwords by opening a second cmd.exe window and issuing:

john etcshadow --show

(Which doesn't really make sense until john has cracked the first hash, obviously.)

> The other thing I wondered, is has JTR been developed so that if it
> detects the hashes are the traditional unix_crypt, will it keep the
> crack combinations <=8 characters long, as to my knowledge such
> passwords can't exceed 8 characters, therefore attempting a 10
> character string would be a pointless exercise? Or do I need to
> tailor the settings to suit possibilities of unix_crypt passwords?
> If so could you offer any tips? I guess the obvious one would be
> formulating a word list only consisting of words or phrases of <=8
> characters long.

Running ...

grep -m1 "PLAINTEXT_LENGTH" .DES_fmt.c

... in john's SRC directory shows:

#define PLAINTEXT_LENGTH 8

So, yes, "Traditional DES" passwords are limited to 8 characters; longer candidates are either truncated or rejected (I don't know which it is).
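
Added example, not part of the original message and not code from the John the Ripper project: a small parser for the status line discussed in the thread, for auditors who log the keypress output and want to see when the first hash fell. The one-line layout, the optional pass number and the K/M/G rate suffix are assumptions; all names and the second and third sample lines are constructed.

```python
import re

# Pass numbers as explained in the reply: a default run goes through
# single crack, then wordlist, then incremental mode.
PASS_MODES = {1: "single", 2: "wordlist", 3: "incremental"}

# Assumed layout: guesses: N  time: D:HH:MM:SS (pass)  c/s: RATE  trying: A - B
STATUS_RE = re.compile(
    r"guesses:\s*(?P<guesses>\d+)\s+"
    r"time:\s*(?P<d>\d+):(?P<h>\d+):(?P<m>\d+):(?P<s>\d+)"
    r"(?:\s+\((?P<pass>\d+)\))?\s+"          # pass number may be absent
    r"c/s:\s*(?P<cps>\d+(?:\.\d+)?[KMG]?)\s+"
    r"trying:\s*(?P<first>.+?)(?: - (?P<last>.+))?$"
)

def parse_status(line):
    """Parse one status line into a dict, or return None if it does not match."""
    m = STATUS_RE.search(line.strip())
    if m is None:
        return None
    d, h, mi, s = (int(m[k]) for k in ("d", "h", "m", "s"))
    cps = m["cps"]
    mult = {"K": 10**3, "M": 10**6, "G": 10**9}.get(cps[-1], 1)
    pass_no = int(m["pass"]) if m["pass"] else None
    return {
        "guesses": int(m["guesses"]),
        "elapsed_s": ((d * 24 + h) * 60 + mi) * 60 + s,
        "mode": PASS_MODES.get(pass_no, "unknown"),
        "rate": int(float(cps.rstrip("KMG")) * mult),
        # A candidate that itself contains " - " would be split early.
        "trying": (m["first"], m["last"]),
    }

def first_crack_times(lines):
    """Elapsed seconds of each status line on which 'guesses' increased."""
    hits, seen = [], 0
    for line in lines:
        st = parse_status(line)
        if st and st["guesses"] > seen:
            hits.append(st["elapsed_s"])
            seen = st["guesses"]
    return hits

# Constructed sample: first line assembled from the fields quoted in the thread.
SAMPLE = [
    "guesses: 0  time: 0:00:00:09 (3)  c/s: 489829  trying: doneh - dorny",
    "guesses: 0  time: 0:00:05:00 (3)  c/s: 490112  trying: mabri - mabsy",
    "guesses: 1  time: 0:00:12:31 (3)  c/s: 488K  trying: 1234ab - 1234zz",
]
```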