Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 13 Feb 2013 18:34:44 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: RAR Cracking with JtR Jumbo (Files found during forensics)

On Wed, Feb 13, 2013 at 11:08:57AM +0000, Nicolas Brulez wrote:
> I have limited power for cracking password, and I tried "crark". Using my CPU I could only reach 245 c/s and my single GPU reached 1200 c/s.

Here are some --test benchmarks for JtR bleeding-jumbo.  FX-8120 CPU:

Benchmarking: RAR3 SHA-1 AES (4 characters) [32/64]... (8xOMP) DONE
Raw:    372 c/s real, 46.5 c/s virtual

HD 7970 GPU:

Benchmarking: RAR3 SHA-1 AES (6 characters) [OpenCL]... (8xOMP) DONE
Raw:    2486 c/s real, 10995 c/s virtual

(The "real" c/s is what you care about in either case.)

I think actual speed will vary between RAR files, and for different
password lengths being tested.

Your 1200 c/s is a fine speed - it's roughly what you should expect on
one non-high-end GPU.

> I have tried several things: Some simple wordlist, brute forcing only lowercase, numbers, low/upp/numb/special and i didn't find anything.

You may try using JtR to produce some highly focused candidate password
lists - use a tiny common passwords list like JtR's bundled password.lst
and RockYou's top N (where N is e.g. 10k), apply some rules on top of
that, such as using Simon's work-in-progress optimal ruleset:

http://openwall.info/wiki/john/rules#Simon-Marechal-s-ongoing-work-towards-an-optimal-ruleset

and pass the result through JtR's "unique" program to eliminate any
dupes without re-ordering.

You may combine larger input wordlists (e.g. more of RockYou top
passwords, up to millions) with smaller rulesets, and vice versa, as
long as the total number of candidate passwords stays sane.

You may also use JtR's incremental and Markov modes.

> I am looking for advices on the best setup to use JtR to crack RAR archives. Maybe using distributed cracking or something.
> I extracted the RAR archives from the SFX in order to use rar2john and I am now looking for the smartest way to use JtR.

Great.  What tool did you use to extract the RAR archives from the SFX?

For distributed cracking, do you intend to use your own computers or to
get a community involved?

You may be able to share the output of rar2john to let the community try
cracking the password(s), too.

Since this code in JtR keeps evolving, I recommend trying latest
unstable-jumbo or bleeding-jumbo (for both rar2john and john) - our git
trees.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.