Date: Thu, 8 Jan 2015 14:25:17 -0500
From: Rafael Veras <>
Subject: Re: How to force John to count duplicate guesses?

Hi Matt,

Although it won't be useful for my current experiment, since the target is
hashed, I would like to know when the project goes public on github. It
might be useful for other experiments.



On Wed, Jan 7, 2015 at 4:22 PM, Matt Weir <> wrote:

> So if a guess is never hashed, is it actually a guess? ;p
> I don't know if it would be useful for you but I've been re-writing my
> password cracking simulator to be faster and my plan is to release it on
> github. Basically it takes candidate guesses as input via stdin, and then
> compares them against a list of plaintext target passwords. If the guesses
> match any of the passwords it outputs how many guesses it took to crack the
> password along with the plaintext value. There are several other output modes
> as well to make graphing the results in Excel easier. It's still faster to
> use JtR instead (and for that matter JtR can be used against hashed
> passwords), but I find my tool useful since it makes parsing the results
> easier, plus it's just a small Python program so making changes is fairly
> straightforward.
> I'm not going to have access to my computer until tomorrow but if this
> sounds interesting to you I'll try to create a git project online sometime
> tomorrow night.
> Matt
> On Wed, Jan 7, 2015 at 3:51 PM, Rafael Veras <> wrote:
> > Hi,
> >
> > I'm running an experiment with a wordlist containing 8 billion entries,
> > many of which are duplicates.
> >
> > By the end of the experiment I get the following status line:
> >
> > 1956366g *7942070363p* 0:00:21:18 1530g/s 6214Kp/s 6214Kc/s 25268GC/s
> > lyngemita..LynGemItA
> >
> > In bold is the number of password candidates tried. I expected to see
> > 8000000000 there.
> >
> > After some toy experiments, I realized John might not be counting
> > candidates that were already tried.
> >
> > From the status lines, I generate a graph with the performance of guessing
> > methods. Not counting duplicates artificially boosts the performance of
> > this particular guessing method, in terms of hits/guesses.
> >
> > So is it possible to easily alter this behavior, either in john.conf or in
> > the source code?!
> >
> > Best regards
> >
> > --
> >
> > Rafael
> >
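
The kind of simulator described in the quoted reply (candidate guesses compared in order against plaintext targets) can be sketched as below. This is an added example, not Matt's tool and not code from the thread; the function names and the sample data are assumptions constructed for illustration. It counts every candidate, duplicates included, and reports hits/guesses both ways so the gap discussed above is visible.

```python
from collections import Counter

# Constructed sample data (not from the thread): a guess stream with repeats
# and a plaintext target list in which one password is shared by two accounts.
SAMPLE_GUESSES = ["password", "123456", "password", "Password",
                  "123456", "letmein", "qwerty", "letmein"]
SAMPLE_TARGETS = ["123456", "letmein", "123456", "hunter2"]

def simulate(guesses, targets):
    """Replay guesses in order; return (cracks, total, unique).

    Each crack is (guess_no_with_dupes, guess_no_unique_only, password, accounts).
    """
    remaining = Counter(targets)      # password -> accounts still uncracked
    seen = set()                      # only needed for the unique-only counter
    total = unique = 0
    cracks = []
    for line in guesses:
        guess = line.rstrip("\r\n")
        if not guess:
            continue
        total += 1                    # every candidate costs a guess
        if guess in seen:
            continue                  # a repeat can never crack anything new
        seen.add(guess)
        unique += 1
        if guess in remaining:
            cracks.append((total, unique, guess, remaining.pop(guess)))
    return cracks, total, unique

def hit_rates(cracks, total, unique):
    """Cracked accounts per guess, counting duplicates and ignoring them."""
    cracked = sum(c[3] for c in cracks)
    return cracked / total, cracked / unique

if __name__ == "__main__":
    # For real use, pass sys.stdin as `guesses` to read candidates from a pipe.
    cracks, total, unique = simulate(SAMPLE_GUESSES, SAMPLE_TARGETS)
    for n_all, n_unique, password, accounts in cracks:
        print(f"{n_all}\t{n_unique}\t{accounts}\t{password}")
    with_dupes, unique_only = hit_rates(cracks, total, unique)
    print(f"guesses={total} unique={unique}")
    print(f"hits/guess counting duplicates: {with_dupes:.3f}")
    print(f"hits/guess unique only:         {unique_only:.3f}")
```

The `seen` set grows with the number of distinct candidates; for a wordlist of billions of entries it can be dropped, keeping only `total`, since a repeated guess finds nothing left in `remaining` anyway.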
