Date: Sat, 10 Nov 2012 23:39:16 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Trying to understand output of john -status On Fri, Nov 09, 2012 at 07:16:59PM +0000, Tom wrote: > When I type the following command while john is running I get the following. > > # john -status=john > guesses: 0 time: 8:20:31:52 0%00% (3) c/s: 4068 > > I don't know how to interpret this but it looks like nothing is happening. It's just the status of that session. The session may be currently running or not (this is not seen from the status file - you only see where it got to when the file was last updated). 4068 c/s is rather low, but it may be OK for some hash/cipher types - depending on what you're cracking, on what hardware, with what John version, build, and settings. > However, > When I press the space bar on the terminal window it does give me the current > PW it's tryng. That's as intended. Yes, --status does not print this info (since it's not included in the disk file), but a keypress does. > If I cat the john.pot file it shows me some passwords. Presumably, those were cracked by other sessions before you ran this one, since the session named "john" thinks it hasn't cracked anything yet. > However when I type the following I get the following, > > john --show john > 4 password hashes cracked, 0 left That's a weird command - or rather, it's a weird filename you chose to use here. First you called the session "john" - that's already pretty confusing since that's also the name of the John program. Now you're asking John to print cracked passwords for some file named "john". What's in that file? I suggest that you avoid confusing/conflicting names like that. > The john program continues to work, as I mentioned when I press the space bar > it shows me the current try. > I also know that that the shadow file has more passwords. I can see names in > the list with encrypted pw's in it. Have you used the "unshadow" program or are you running John on the shadow file directly? The latter works, but is suboptimal. With "unshadow", you might get more passwords cracked early on due to it letting John use info such as people's names and home directory names. > I have been running this for about 2 months. Yet the above session, confusingly named "john", was started from scratch less than 9 days ago. Maybe you wanted to restore a previously interrupted session rather than restart it from scratch? If so, you should have used --restore. Also, chances are that the c/s rate can be improved a lot. You need to mention your hash type (please include the "Loaded ..." line from John verbatim), John version and make target used, and hardware details - then we might be able to suggest how to speed things up. > Should I leave it running ? And allow it to keep trying the rest of the > passwords. What are you doing this for? We need to know your goals before we can advise you on this. Alexander P.S. Please consider posting to john-users via e-mail rather than via Gmane.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.