Date: Thu, 20 Dec 2012 09:08:09 +0100 From: magnum <john.magnum@...hmail.com> To: john-users@...ts.openwall.com Subject: Re: Creating Graphs from john.log On 20 Dec, 2012, at 5:34 , Matt Weir <cweir@...edu> wrote: > 1) I'd really like to output the number of guesses have been generated > when a password is cracked. Right now it outputs the time instead. > While you can get a rough idea of the number of guesses based on the > time, it creates a lot of difficulties when sharing/comparing data > with other people. Aka if I have a crazy fast computer and someone > else has an old 486, they might have a better ruleset but when I > compare it to my dumbforce run I wouldn't know it. Number of guesses > made is a platform agnostic measurement. I really appreciate your work so I'd by happy to help. As you know there are two notions: either "candidates tried", or "candidate/hash combinations tried" and JtR keeps track of the latter for the c/s figure. Solar has indicated he will eventually make the former visible too, but currently it is not. Hopefully you also know that you can show that figure, not in log but in output, by setting CrackStatus = Y and StatusShowCandidates = Y. Example: $ ../run/john ../test/rawmd5_tst.in --max-run-time=30 --format=raw-md5 --incremental:all8 Loaded 1500 password hashes with no different salts (Raw MD5 [128/128 SSE2 intrinsics 12x]) start123 (u53-RawMD5) guesses: 1/41866110000 time: 0:00:00:01 0.00% c/s: 41866M trying: start127 - start105 password (u9-RawMD5) guesses: 2/121446928728 time: 0:00:00:04 0.00% c/s: 30361M trying: passwoom - passwoll trustno1 (u33-RawMD5) guesses: 3/297817949400 time: 0:00:00:11 0.00% c/s: 27074M trying: trustnol - trustnig guesses: 3/791303813772 time: 0:00:00:30 0.00% c/s: 26376M trying: 190413d1 - 190418.c Use the "--show" option to display all of the cracked passwords reliably Session stopped (max run-time reached) This tells us that "start123" was 41866110000/1500 = the 27910740th candidate tried (actually due to "12x" it's between 27910729 and 27910740, including). Let's verify it: $ ../run/john --incremental:all8 -stdout | grep -nFm1 start123 27910738:start123 If this figure (the 41866110000) is usable, I could easily make it appear in the log file too. I suppose you'd like it on the same line as "+ Cracked ...", right? I could also add a command-line option for enabling 'StatusShowCandidates' without editing john.conf (CrackStatus already has one: --show-crack-status) if you like. > 2) I need to be able to count duplicate passwords. This is a bit of a > contentious point, but when modeling a password cracking session I > strongly believe we need to be able to represent that some passwords > are much more common than others. An attacker should be rewarded for > guessing '123456' first and I want to be able to model that. Right now > JtR, (rightfully so), removes duplicate hashes for performance > reasons. It would be nice to be able to modify a flag in john.conf so > that duplicate guesses were not removed. I think I could add another option that just turns off the dupe hash suppression in loader, with no regression problems. I'm not sure but I think the rest would just work as-is. I can give it a shot. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.