Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 10 Jan 2012 12:25:33 -0500
From: Chuck Kahn <>
Subject: Re: official JtR or jumbo for RAR?

After running john (setting MaxLen and MinLen to 2 to keep the test short)
on the rardump file

/usr/local/Cellar/john/john-1.7.9-jumbo-5/run/john --format=rar
> --incremental:Digits2 rardump

comes the repeated message:

RAR -p mode support is not complete yet!
> RAR -p mode support is not complete yet!
> RAR -p mode support is not complete yet!

Followed by the result:

> guesses: 0  time: 0:00:00:02 DONE (Tue Jan 10 12:15:30 2012)  c/s: 40.81
>  trying: 87

It doesn't look like it matched the password "11".  If "RAR -p mode
support" refers to incomplete support of the "p" (password) switch of the
RAR command, does that mean jumbo can't crack RAR passwords?

On Tue, Jan 10, 2012 at 3:37 AM, Dhiru Kholia <>wrote:

> On Tue, Jan 10, 2012 at 11:36 AM, Chuck Kahn
> <> wrote:
> > Which will work faster at cracking RAR passwords -- the official JtR or
> > jumbo?
> Official JtR doesn't have support for cracking RAR files in-built.
> > $ /usr/local/Cellar/john/john-1.7.9-jumbo-5/run/john --format=rar
> >> --incremental:all testabc.rar
> >> No password hashes loaded (see FAQ)
> > The FAQ doesn't provide detail on how to use "--format=rar" for jumbo
> JtR.
> >  How do I proceed with jumbo and RAR?
> If you are using jumbo then first run rar2john tool on your RAR files
> rar2john testabc.rar > rardump
> Then run john on the generated rardump file.
> john --format=rar rardump
> Using jumbo should be faster than your shell script. However cracking
> RAR files is extremely slow in general.
> --
> Cheers,
> Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.