Date: Thu, 2 Feb 2017 06:24:39 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: to Single or not to Single

On Wed, Feb 1, 2017 at 3:25 PM, Patrick Proniewski <p+password@...atpro.net> wrote:
> Hello,
Welcome!
> I'm looking for the best way to optimize a specific cracking session.
> I've got a dump of more than 45 million hashes+salts (dynamic_25), and
> for each one I've got a very serious candidate that works directly for more
> than 50%, and works with simple modification the rest of the time.
>
> After some thinking, I've decided to try and use mode Single. I build a
> password file looking like this:
>
> candidate:$dynamic_25$hash$salt
>
> My question is: does it look like the good solution to you?
Single might not be what you're looking for. Single excels at using the
usernames themselves, and items like home directory paths, as additional
candidates. Single is very good at that, and doesn't require you to parse
that data out and create a separate file; it does it automatically.
> It appears that RAM consumption is horrendous. Even with a split file, I
> can saturate very rapidly 30 GB RAM. I've split to smaller pieces and
> refrained from using --fork.
> A 4.7 million line hash file (325 Mo), without --fork, with
> SingleRetestGuessed = N, with --rules=none, uses about 20 GB RAM.
> And strange thing, the cracking rate slowly decreases along the cracking
> session. I would have thought that speed should be constant along the file,
> but in fact it's not. Shorter candidates are more likely to crack the
> corresponding hash, so maybe John is ordering the file to compute hashes
> for shorter candidates before long ones… That would be a great explanation.
You can try some of the memory manipulation parameters:
--save-memory=LEVEL enable memory saving, at LEVEL 1..3  (see OPTIONS
<http://www.openwall.com/john/doc/OPTIONS.shtml> file)
(note that level 1 is incompatible with single :)

> I'm currently running the simplest pass on my 4.7 million line file,
> no rules, in order to decrease as fast as possible the amount of hashes on
> which I'll have to work harder. But I'm not sure it's the best move.
> Any comment appreciated.
I think using other modes is probably better suited to your task. Once
single has had a chance to run for a bit (it finds many of the low-hanging
fruit), it might be time to train your wordlist up and use incremental,
loopback, external, or mask modes. I have a tutorial, and others do too, on
the wiki: http://openwall.info/wiki/john/tutorials
(https://xinn.org/blog/JtR-AD-Password-Auditing.html, scroll down to "Using
JtR")
-rich
