Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 26 Mar 2018 16:51:13 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John The Ripper Detailed Outputs

On Mon, Mar 26, 2018 at 01:35:29PM +0000, kaan denizer wrote:
> I am giving john the ripper a file which contains hashes of password which
> may contain duplicate hashes.
> 
> I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
> 3.200c/s 70227C/s 123456789..abc123"
> 
> Which represents the total number of *unique* passwords cracked over time.

None of these figures are guaranteed to represent that.  Whether JtR
even loads the duplicate hashes or not may vary by matching salts vs.
not and by cracking mode.  To get the full list of cracked passwords,
including duplicate passwords (if for different lines in the original
password hash files - such as for different usernames), use "--show".

> My question is "Is There a Way to get *total* number of passwords *(which
> contains duplicate password counts as well)* cracked over time from jonh's
> output?"

In general no, because JtR itself might not know that number if it
didn't even load the duplicate hashes (in case the salts matched, too -
or in case of unsalted hash types).

In specific cases, yes:

When running "single crack" or batch mode (no cracking mode requested),
which includes "single crack" as a first step, JtR always loads all
hashes (even the duplicates), and then the guess count ("2g" in your
example) and the guess rate ("1.600g/s" in your example) correspond to
the total you ask for (including duplicates).

You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in
jumbo, to achieve the same effect as above for all cracking modes.

But then there's "--fork", which may in some cracking modes (such as
wordlist with rules) result in duplicate guesses by the different child
processes, so the reported guess count might even be higher than the
total number of hashes (including duplicates).  So the above two
specific cases are only suitable for your needs when not using "--fork",
or when you do use "--fork" then only with cracking modes that never
produce duplicate candidate passwords (such as "--incremental" mode).

My advice is that you do not rely on this status line for anything
important.  It's a rough indication of progress.  If you need complete
results of cracking, use "--show".

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.