Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Jan 2015 16:22:50 -0500
From: Matt Weir <cweir@...edu>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: How to force John to count duplicate guesses?

So if a guess is never hashed, is it actually a guess? ;p

I don't know if it would be useful for you but I've been re-writing my
password cracking simulator to be faster and my plan is to release it on
github. Basically it takes candidate guesses as input via stdin, and then
compares them against a list of plaintext target passwords. If the guesses
match any of the passwords it outputs how many guesses it took to crack the
password along with the plaintext value. There's several other output modes
as well to make graphing the results in Excel easier. It's still faster to
use JtR instead, (and for the matter JtR can be used against hashed
passwords), but I find my tool useful since it makes parsing the results
easier plus it's just a small python program so making changes is fairly
striaghtforward.

I'm not going to have access to my computer until tomorrow but if this
sounds interesting to you I'll try to create a git project online sometime
tomorrow night.

Matt

On Wed, Jan 7, 2015 at 3:51 PM, Rafael Veras <rafaveguim@...il.com> wrote:

> Hi,
>
> I'm running an experiment with a wordlist containing 8 billion entries,
> many of which are duplicates.
>
> By the end of the experiment a get the following status line:
>
> 1956366g *7942070363p* 0:00:21:18 1530g/s 6214Kp/s 6214Kc/s 25268GC/s
> lyngemita..LynGemItA
>
> In bold is the number of password candidates tried. I expected to see
> 8000000000 there.
>
> After some toy experiments, I realized John might not be counting
> candidates that were already tried.
>
> From the status lines, I generate a graph with the performance of guessing
> methods. Not counting duplicates artificially boosts the performance of
> this particular guessing method, in terms of hits/guesses.
>
> So is it possible to easily alter this behavior, either in john.conf or in
> the source code?!
>
> Best regards
>
> --
>
> Rafael
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.