Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 7 Jan 2016 19:37:10 +0100
From: Frank Dittrich <>
Subject: Re: get more info about what yield to crack a particular

In addition to what Rich already mentioned in his reply, some more 

On 01/07/2016 08:53 AM, wrote:
> - what actual word from my wordlist was used

Except when you are using --wordlist without any rules, this is 
currently not possible.
May be you could create a new github issue:
and we can discuss there how this request could be supported, may be 
only for debug builds, only with --verbosity=5, only with --mkpc=1 ...
Such a feature will definitely have a performance impact, so don't 
expect this information to be easily available in a default build or 
with a default config.

> - what rule applied to this word allowed jtr to crack the password

Since most formats work on blocks of multiple candidates at the same 
time, there's always a possibility that candidates in such a block were 
generated by multiple rules.
This is especially true for very short word lists or for single mode.

An additional difficulty in single mode is that even with just a single 
rule ':' (e.g., with --single=none), john will try combination of words 
from the GECOS field, user name ...
In recent bleeding-jumbo versions there are config variables which 
control single mode behavior:


Search for these variable names in john.conf and read the related 
john.conf comments.

Furthermore, single mode with default config settings will try 
candidates which successfully cracked one hash on hashes with other 
salts. This can be changed by Adjusting config variable 

Similar to wordlist mode and single mode and their different rules, 
you'll have different markov levels or different incremental mode levels 
when using --markov or --incremental.

The default number of candidates in a single block depends on the format 
and on the specific build.

You can check those values using --list=format-all-details

   $ ./john --list=format-all-details --format=bcrypt
Format label                         bcrypt
  Disabled in configuration file      no
Min. password length in bytes        0
Max. password length in bytes        72
Min. keys per crypt                  16
Max. keys per crypt                  48
  Case sensitive                      yes
  Truncates at (our) max. length      no
  Supports 8-bit characters           yes

For --single mode, john will try "Min. keys per crypt" candidates 
simultaneously, for other modes, john will try "Max. keys per crypt" 
candidates simultaneously, except for the last block.

If you want to make sure you will always have the "correct" rule, you 
can enforce just one candidate per block by adding the following option 
to your command line:

But please note that this will also cause a performance hit.
(In general, the larger a format's "Max. keys per crypt" and the "Min. 
keys per crypt" valueS, the more --mkpc=1 will impact performance.)

So it might be a better idea to convert your .pot file into a dummy hash 
E.g., just use --format=dummy or some other fast format.
The dummy format just uses the prefix $dummy$ followed by the password 
converted to hex, e.g., password "dummy" would have hash 
If you use some other format, make sure it supports at least the same 
password length as the format(s) in your .pot file.
If your format supports mixed case and non-ascii passwords, the dummy 
format should also support mixed case passwords and non-ascii characters.
These format properties are reported in the format details as well.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.