Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 21 Dec 2012 00:00:04 +0100
From: magnum <>
Subject: Re: Creating Graphs from john.log

On 20 Dec, 2012, at 16:24 , Matt Weir <> wrote:
> I actually like having the config options in the john.conf file, but
> that's simply because it's easier for me to have a john_research.conf
> where I have everything set up and then use the -config= option on the
> command line.

I have now committed two patches, one that adds the candidate figure to the log file when using StatusShowCandidates, and another that adds a john.conf option "NoLoaderDupeCheck" that disables the dupe checking. I did not add any command-line option for the latter. Try it out! Seems to work fine but not much tested. If something is amiss, give me a shout.

> What I probably need to do is create a first draft of a "research readme"
> about the various settings in John that might be interesting for
> someone doing password cracking research. I'll obviously make a lot of
> mistakes/omissions but then people can correct me and we can document
> ways to run tests using John. Also, I feel there's a lot of good
> functionality in John that most people simply don't know about.

Here are the existing stuff (including the above) I can think of that can be handy in various kinds of experiments:

Command-line options:
--mkpc=1		Decreases max keys per crypt to 1, so you can see
			in log which exact rule caused a crack. This comes
			with a performance penalty.
--progress-every=N	Emit a status line every N seconds.
--crack-status		Emit a status line whenever a password is cracked.
--max-run-time=N	Gracefully exit after this many seconds.
--loopback		Use the plaintexts from john.pot as wordlist.
--log-stderr		Log to screen instead of file.

Config file settings:
CrackStatus		Same as --crack-status.
StatusShowCandidates	Show number of crypts in status lines and log file.
LogCrackedPasswords	Output passwords to log file, not just the usernames.
NoLoaderDupeCheck	Disable dupe hash suppression when loading hashes.

> For example, figuring out how to use the "dummy" format required a bit of
> Google searching on my part

Yeah I actually flagged your mail for keeping a note on how to create dummy hashes easily. Without it, I'd end up re-inventing a perl one-liner every time :-)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.