Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 09 May 2015 20:39:48 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

On 2015-05-09 18:33, Demian Smith wrote:
>> Even if incremental now runs what you intended, it could take a
>> LONG time (as in years) to hit the correct phrase. What if you use
>> that wordlist you produced and instead of making a fake pot file,
>> use it directly as a wordlist in a crack? If it's the correct book
>> I reckon you'd crack your password in no time, no?
>
> I should have, indeed - I just did, but no luck. Potentially due to a
> typo or, more likely, a phrase compiled out of only a partial sentence
> in the book...

If that's it, we can create permutation rules tailored for this and 
should be able to crack it. I think you should concentrate on this for a 
while before resuming that incremental run.

> I ran the benachmark with the older version of John and boy is there a
> difference

Great! This is still a very tough hash type though.

>> Also, when you resume the job, copy the inital lines output when
>> job starts and report them too; Is it loading two "hashes"?
>> Shouldn't it be just one?
>
> It does load 2 hashes alright, not sure what the reason would be, though?

I'm not familiar with TC so I can't tell if you should filter one out or 
not. Let's keep attacking both for now.

> Loaded 2 password hashes with 2 different salts (tc_ripemd160, TrueCrypt AES256_XTS >[RIPEMD160 32/64])
> Will run 4 OpenMP threads
> Press 'q' or Ctrl-C to abort, almost any other key for status
> 0g 3178604p 0:19:58:10  0g/s 44.21p/s 88.42c/s 88.42C/s AioseaaU

Note that it still says 44.21p/s here but that's just the average speed 
from job start so this figure will now increase slowly towards your new 
faster figure.

> Would it be better to double check the hash file and maybe create it
> anew? Or is it a mal configuration of john.conf ?

Let's ignore that for now (unless someone can chime in with knowledge).

Let's concentrate on wordlist rules. If it's indeed a partial sentence, 
would you think it's truncated in the end and still starting with an 
uppercase letter?

Also, how large (number of lines) is that wordlist? Did you try just 
running it with --rules (and perhaps --rules=single in another run)?

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.