Date: Thu, 2 Feb 2017 06:24:39 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: to Single or not to Single

On Wed, Feb 1, 2017 at 3:25 PM, Patrick Proniewski <p+password@...atpro.net> wrote:
> Hello,

Welcome!

> I'm looking for the best way to optimize a specific cracking session.
> I've got a dump of more than 45 million hashes+salts (dynamic_25), and for each one I've got a very serious candidate that works directly for more than 50%, and works with simple modification the rest of the time.
>
> After some thinking, I've decided to try and use mode Single. I build a password file looking like this:
>
> candidate:$dynamic_25$hash$salt
>
> My question is: does it look like the good solution to you?

Single might not be what you're looking for. Single excels at using the usernames themselves, and items like home directory paths as additional candidates. Single is very good at that, and doesn't require you to parse that data out and create a separate file, it does it automatically.

> It appears that RAM consumption is horrendous. Even with a split file, I can saturate very rapidly 30 GB RAM. I've split to smaller pieces and refrained from using --fork.
> A 4.7 million line hash file (325 Mo), without --fork, with SingleRetestGuessed = N, with --rules=none, uses about 20 GB RAM.
> And strange thing, the cracking rate slowly decreases along the cracking session. I would have thought that speed should be constant along the file, but in fact it's not. Shorter candidates are more likely to crack the corresponding hash, so maybe John is ordering the file to compute hashes for shorter candidates before long ones… That would be a great explanation.

You can try some of the memory manipulation parameters:

--save-memory=LEVEL enable memory saving, at LEVEL 1..3
(see OPTIONS <http://www.openwall.com/john/doc/OPTIONS.shtml> file)
(note that level 1 is incompatible with single :)

> I'm currently running the simplest pass on my 4.7 million line file, no rules, in order to decrease as fast as possible the amount of hashes on which I'll have to work harder. But I'm not sure it's the best move.
> Any comment appreciated.

I think other modes are probably better suited to your task. Once single has had a chance to run for a bit, it finds many of the low hanging fruit; it might be time to train your wordlist up and use incremental, loopback, external, or mask modes. I have a tutorial and others do too on the wiki:
http://openwall.info/wiki/john/tutorials
https://xinn.org/blog/JtR-AD-Password-Auditing.html (Scroll down to "Using JtR")

-rich
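
The memory problem discussed in this thread comes from loading millions of salted hashes at once, while the file format in the question already pairs each hash with exactly one candidate. The following is an added example, not code from either poster or from John the Ripper: it streams such a file in constant memory, tests each paired candidate once, and keeps only the unresolved lines for a later John run. It assumes dynamic_25 is sha1($s.$p) as listed in John's dynamic format documentation and that salts are stored as plain text rather than HEX$-encoded; the function names and sample lines are constructed for illustration.

```python
import hashlib
import io

MARK = ":$dynamic_25$"  # separates the candidate from the hash field


def parse_line(line):
    """Split 'candidate:$dynamic_25$<sha1 hex>$<salt>' into its parts."""
    line = line.rstrip("\r\n")
    # A candidate may contain ':', so split on the last format marker.
    candidate, sep, rest = line.rpartition(MARK)
    if not sep:
        raise ValueError("not a dynamic_25 line: %r" % line)
    digest, sep, salt = rest.partition("$")  # the salt may contain '$'
    if not sep or len(digest) != 40:
        raise ValueError("malformed hash field: %r" % line)
    return candidate, digest.lower(), salt


def matches(candidate, digest, salt):
    # Assumption: dynamic_25 = sha1($s.$p) with a plain-text salt.
    data = (salt + candidate).encode("utf-8")
    return hashlib.sha1(data).hexdigest() == digest


def triage(src, remaining):
    """Stream src; write lines whose paired candidate fails to remaining.

    Each hash is tested against one candidate only, so memory use does
    not grow with the size of the input file.
    """
    hit = miss = 0
    for line in src:
        if not line.strip():
            continue
        candidate, digest, salt = parse_line(line)
        if matches(candidate, digest, salt):
            hit += 1
        else:
            remaining.write(line.rstrip("\r\n") + "\n")
            miss += 1
    return hit, miss


def demo():
    # Constructed sample: (paired candidate, real password, salt).
    rows = [("summer16", "summer16", "a1"), ("pa:ss", "pa:ss", "b2$x"),
            ("winter", "Winter1", "c3")]
    text = "".join(
        "%s%s%s$%s\n" % (c, MARK, hashlib.sha1((s + p).encode()).hexdigest(), s)
        for c, p, s in rows)
    out = io.StringIO()
    return triage(io.StringIO(text), out), out.getvalue()


if __name__ == "__main__":
    print(demo())
```

The lines written to `remaining` keep the original `candidate:$dynamic_25$hash$salt` layout, so the smaller file can be handed to John unchanged.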