Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Nov 2012 08:35:50 +0400
From: Solar Designer <>
Subject: Re: Trying to understand output of john -status

On Mon, Nov 12, 2012 at 07:04:59PM +0000, Andrew wrote:
> We are a small organization where two people left unhapply. There are a number 
> of files that are encryped eg VI and others where we think they used the same 
> passwords as their login. We would like to access those files.

You could speed the attack up by focusing it on just those people's
passwords - not trying to crack the rest as well.

> Here is the loaded option..
> Loaded 18 password hashes with 18 different salts (FreeBSD MD5 [128/128 SSE2 
> intrinsics 4x])

Since each of your hashes has a unique salt, excluding some of the
hashes from attack will speed up the attack on the remaining hashes.
The c/s rate won't increase, but the candidate passwords per second rate
(not displayed) will.

You may also speed things up a little bit by downloading the latest JtR
-jumbo version in form of source tarball and compiling it with "make
linux-x86-sse2i" (with the trailing "i").

> I believe the version is 1.7.9
> At least the CHANGES file says this ...
> The following changes have been made between John 1.7.8 and 1.7.9:
> (I cannot see an option in john like john -version)

The version number is printed when you run "john" with no arguments.
You may need to scroll up to see it, though, as the usage output is
rather long lately.

> You mentioned the "Make Target". This is unknown to me. It is simply on the 
> linux that we installed on this computer as part of the linux. One of the 
> other fellows mentioned backtrack 5 so we dl'ed it and installed it and there 
> it was. Im not a programer so the only making I do is the odd time when I have 
> to install some softwere that needs compiling, and I follow the instructions 
> slavishly. Not often.

Understood.  Well, I guess BackTrack used a slightly sub-optimal make
target for this JtR build.  That said, it is also true that your
computer is just slow by modern standards - e.g., cracking these hashes
on an AMD FX-8120 CPU (under $200) running a 64-bit OS will be about 40
times faster (over 200k c/s), and a GPU will be faster yet.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.