Date: Mon, 26 Mar 2018 17:26:59 +0000 From: kaan denizer <rkdenizer@...il.com> To: john-users@...ts.openwall.com Subject: Re: John The Ripper Detailed Outputs Hello Alexander, Thanks for quick and detailed reply. I am using wordlist mode without fork. Therefore if i am not mistaken, "NoLoaderDupeCheck" was what i was looking for exactly. Kaan On Mon, 26 Mar 2018 at 17:57 Solar Designer <solar@...nwall.com> wrote: > On Mon, Mar 26, 2018 at 01:35:29PM +0000, kaan denizer wrote: > > I am giving john the ripper a file which contains hashes of password > which > > may contain duplicate hashes. > > > > I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s > > 3.200c/s 70227C/s 123456789..abc123" > > > > Which represents the total number of *unique* passwords cracked over > time. > > None of these figures are guaranteed to represent that. Whether JtR > even loads the duplicate hashes or not may vary by matching salts vs. > not and by cracking mode. To get the full list of cracked passwords, > including duplicate passwords (if for different lines in the original > password hash files - such as for different usernames), use "--show". > > > My question is "Is There a Way to get *total* number of passwords *(which > > contains duplicate password counts as well)* cracked over time from > jonh's > > output?" > > In general no, because JtR itself might not know that number if it > didn't even load the duplicate hashes (in case the salts matched, too - > or in case of unsalted hash types). > > In specific cases, yes: > > When running "single crack" or batch mode (no cracking mode requested), > which includes "single crack" as a first step, JtR always loads all > hashes (even the duplicates), and then the guess count ("2g" in your > example) and the guess rate ("1.600g/s" in your example) correspond to > the total you ask for (including duplicates). > > You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in > jumbo, to achieve the same effect as above for all cracking modes. > > But then there's "--fork", which may in some cracking modes (such as > wordlist with rules) result in duplicate guesses by the different child > processes, so the reported guess count might even be higher than the > total number of hashes (including duplicates). So the above two > specific cases are only suitable for your needs when not using "--fork", > or when you do use "--fork" then only with cracking modes that never > produce duplicate candidate passwords (such as "--incremental" mode). > > My advice is that you do not rely on this status line for anything > important. It's a rough indication of progress. If you need complete > results of cracking, use "--show". > > Alexander >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.