Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 26 Mar 2018 17:26:59 +0000
From: kaan denizer <>
Subject: Re: John The Ripper Detailed Outputs

Hello Alexander,

Thanks for quick and detailed reply.  I am using wordlist mode without
fork. Therefore if i am not mistaken, "NoLoaderDupeCheck" was what i was
looking for exactly.


On Mon, 26 Mar 2018 at 17:57 Solar Designer <> wrote:

> On Mon, Mar 26, 2018 at 01:35:29PM +0000, kaan denizer wrote:
> > I am giving john the ripper a file which contains hashes of password
> which
> > may contain duplicate hashes.
> >
> > I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
> > 3.200c/s 70227C/s 123456789..abc123"
> >
> > Which represents the total number of *unique* passwords cracked over
> time.
> None of these figures are guaranteed to represent that.  Whether JtR
> even loads the duplicate hashes or not may vary by matching salts vs.
> not and by cracking mode.  To get the full list of cracked passwords,
> including duplicate passwords (if for different lines in the original
> password hash files - such as for different usernames), use "--show".
> > My question is "Is There a Way to get *total* number of passwords *(which
> > contains duplicate password counts as well)* cracked over time from
> jonh's
> > output?"
> In general no, because JtR itself might not know that number if it
> didn't even load the duplicate hashes (in case the salts matched, too -
> or in case of unsalted hash types).
> In specific cases, yes:
> When running "single crack" or batch mode (no cracking mode requested),
> which includes "single crack" as a first step, JtR always loads all
> hashes (even the duplicates), and then the guess count ("2g" in your
> example) and the guess rate ("1.600g/s" in your example) correspond to
> the total you ask for (including duplicates).
> You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in
> jumbo, to achieve the same effect as above for all cracking modes.
> But then there's "--fork", which may in some cracking modes (such as
> wordlist with rules) result in duplicate guesses by the different child
> processes, so the reported guess count might even be higher than the
> total number of hashes (including duplicates).  So the above two
> specific cases are only suitable for your needs when not using "--fork",
> or when you do use "--fork" then only with cracking modes that never
> produce duplicate candidate passwords (such as "--incremental" mode).
> My advice is that you do not rely on this status line for anything
> important.  It's a rough indication of progress.  If you need complete
> results of cracking, use "--show".
> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.