Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Sep 2010 20:03:01 -0400 (EDT)
From: brad@...ystems.com
To: john-users@...ts.openwall.com
Subject: Re: Noob question: how to feed 10 alphanum char 
     min&max incremental to aircrack when "MaxLen = 10 exceeds the 
     compile-time limit of 8"

> On Wed, Sep 01, 2010 at 06:52:03PM -0400, brad@...ystems.com wrote:

> I think Joshua's point was that I made it so difficult to do simple/dumb
> things (e.g., shoot oneself in the foot, which sometimes even makes
> sense) that coding a separate program would be easier than figuring out
> how to modify params.h to go beyond length 8 with incremental mode or
> how to modify the DumbForce example in john.conf to specify the desired
> lengths range and charset.


Ah yes, not a good fit currently.


> Yeah, it should be possible to do a lot faster than that, although you
> haven't mentioned the number of NTLM hashes being cracked (with a truly
> large number, the hash table lookups and collisions would be taking
> significant time).


Yes, I omitted that. The time (67m6.326s) was on roughly 30,000 NT
(unsalted md4 unicode) hashes from the KoreLogic Defcon contest.

wc -l nt_clean.txt
30820 nt_clean.txt


> owl!solar:~/john/contest/john-1.7.6-jumbo-6/run$ ./john -e=dumbforce
> -fo=nt -u=aabdelhamid ~/john/contest/pw-contest
> Loaded 1 password hash (NT MD4 [128/128 X2 SSE2-16])
> guesses: 0  time: 0:00:00:03  c/s: 14275K  trying: 45816704 - 45816735
> guesses: 0  time: 0:00:00:07  c/s: 14492K  trying: 004654112 - 004654143
> guesses: 0  time: 0:00:06:49  c/s: 14042K  trying: 4632509280 - 4632509311
> guesses: 0  time: 0:00:09:55  c/s: 14017K  trying: 7229499904 - 7229499935
> guesses: 0  time: 0:00:11:31  c/s: 14011K  trying: 8571090624 - 8571090655
> guesses: 0  time: 0:00:12:31  c/s: 14010K  trying: 9411052608 - 9411052639
> guesses: 0  time: 0:00:13:14  c/s: 13993K  trying: 9999999968 - 9999999999


That's one NT hash and SSE2, right? That should be fast.


> For comparison, here's a raw hashing speed benchmark:
>
> owl!solar:~/john/contest/john-1.7.6-jumbo-6/run$ ./john -te -fo=nt
> Benchmarking: NT MD4 [128/128 X2 SSE2-16]... DONE
> Raw:    25493K c/s real, 25493K c/s virtual


SSE again it seems. Good numbers for a CPU based application. I doubt
you'll get much faster than that on a current CPU with that has type.


> This benchmark uses a lower average password length, though, which might
> contribute to the speed difference.
>
> Alexander

Thanks for the numbers,

Brad

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.