Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 1 Aug 2015 22:34:41 +0200
From: Luis Rocha <luiscrocha@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Why does john display some cracked passwords twice?

Hello,

I am not sure if it is related but I am seeing the same behavior. Please
see below:

user@...kstation:~/JohnTheRipper/run$ ./john
/home/data/hashes/2013cmiyc/2013cmiyc_dist/Company1/pro-hashes.8.txt
--fork=4 --wordlist=/home/data/wordlists/bestwordlist/allwords.txt
--rules:Single --format=descrypt
Using default input encoding: UTF-8
Loaded 1793 password hashes with 1471 different salts (descrypt,
traditional crypt(3) [DES 256/256 AVX2-16])
Node numbers 1-4 of 4 (fork)
Each node loaded 1/4 of wordfile to memory (about 661 KB/node)
Press 'q' or Ctrl-C to abort, almost any other key for status
acetabul         (?)
acetabul         (?)
acetabul         (?)
acetabul         (?)
aluminum         (?)
aluminum         (?)
americiu         (?)
americiu         (?)
americiu         (?)
americiu         (?)
americiu         (?)
americiu         (?)
anesthet         (?)
anesthet         (?)
anesthet         (?)
anesthet         (?)
antiquit         (?)
antiquit         (?)
antiquit         (?)
antiquit         (?)
antimony         (?)
antimony         (?)
antimony         (?)
antimony         (?)
antimony         (?)
antimony         (?)
aquarian         (?)
aquarian         (?)
astatine         (?)
astatine         (?)
astatine         (?)
astatine         (?)


user@...kstation:~/JohnTheRipper/run$ ./john
/home/data/hashes/2013cmiyc/2013cmiyc_dist/Company1/pro-hashes.8.txt
--fork=4  --rules:Single --format=descrypt
Using default input encoding: UTF-8
Loaded 1793 password hashes with 1471 different salts (descrypt,
traditional crypt(3) [DES 256/256 AVX2-16])
Remaining 1781 password hashes with 1463 different salts
Node numbers 1-4 of 4 (fork)
Press 'q' or Ctrl-C to abort, almost any other key for status
Each node loaded 1/4 of wordfile to memory (about 6 KB/node)
dominiqu         (?)
coltrane         (?)
asdfghjk         (?)
christin         (?)
christin         (?)
hydrogen         (?)
mollymol         (?)
destinie         (?)
mercury4         (?)
mercury6         (?)

Hope it helps

Best,
Luis

On Thu, Jul 30, 2015 at 10:04 AM, Marek Wrzosek <marek.wrzosek@...il.com>
wrote:

> W dniu 29.07.2015 o 20:45, Solar Designer pisze:
> > On Wed, Jul 29, 2015 at 10:20:02AM +0200, Marek Wrzosek wrote:
> >> For now, I stuck, so I'll probably go back in time (remove some lines
> >> from pot file) and calmly I'll try to reproduce the problem.
> >> Most likely this is because of wordlist/loopback with rules and fork, an
> >> unfortunate coincidence that two or more threads are using two or more
> >> different but similar words and different rules that together cause the
> >> same output in the exact same moment that "pot sync" was unable to deal
> >> with them. That is a lot of coincidence for me ;-)
> >> It should happens from time to time. Isn't it too frequent then?
> >
> > This might well be too frequent, or not, depending on your exact
> > circumstances.  You had mentioned you saw this problem even with modes
> > such as incremental and prince - if so, that's a bug, so please try to
> > reproduce it and let us know if you were able to or not.  And we'd like
> > to be able to reproduce the problem, too, so a testcase would be very
> > helpful, if you can provide that.
> >
> >> I can easily remove duplicates by using uniq command, no harm done.
> >
> > You don't need to remove them.  John's output during cracking is just
> > for you to be aware of its progress, and john.pot is normally for John's
> > internal use.  The actual cracking results you should obtain with "john
> > --show passwordfileshere", and this won't show any duplicates even if
> > there are duplicate lines in your pot file.
> >
> >> BTW, I was using fork with wordlist+rules mainly because of this
> statement:
> >> "Warning: no OpenMP support for this hash type, consider --fork=4".
> >
> > Sure, your use of --fork is fine.
> >
> >> Maybe it should be disabled for certain cases like above.
> >
> > Why, I guess it completed much quicker with --fork than it would have
> > without, even if it produced some duplicate cracks.
> >
> >> Most probably it's EOT. Thanks for help, magnum.
> >
> > I would be happier to end this thread when we have a specific
> > conclusion: a JtR bug (e.g., if reproducible with modes other than
> > wordlist and loopback) or just an expected side-effect of having similar
> > input words (e.g., what you saw is not surprising at all if that was in
> > loopback mode, where you could have the same passwords already in your
> > john.pot, e.g. for different salts).  Thank you, Marek.
> >
> > Alexander
> >
> The problem is: I'm not sure right now. I was using a lot of modes and I
> saw duplicates few times. The most frequently with wordlist/loopback and
> rules, but it is theoretically possible in prince too (I think), because
> this mode is using wordlist or pot file also and creates candidates by
> concatenating passwords, so the mechanism is similar.
> I'll report this as soon as I'll be able to reproduce this in modes
> other than wordlist+rules but until then I consider this as an EOT.
> I was using fork because the sum of combined Kp/s was higher than Kp/s
> without fork but it was bugging me.
> I'm curious what are the odds and how wide is the window of opportunity
> ("pot sync") for it to happen. Probability of this must be higher for
> loopback mode (or maybe for prince-loopback) and for wordlist that were
> created using smaller wordlist and word-mangling rules. If fork is
> desirable in that cases, maybe there should be a way for a user to
> decide how one big wordlist should be distributed among the processes.
> Thanks, Alexander.
>
> Best Regards
> --
> Marek Wrzosek
> marek.wrzosek@...il.com
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.