Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAF9uAtouLL9TU=6eE3APBw6ff_FXh-+fmMNiNgr6+FUN3Uoh5Q@mail.gmail.com>
Date: Thu, 8 Jan 2015 14:25:17 -0500
From: Rafael Veras <rafaveguim@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: How to force John to count duplicate guesses?

Hi Matt,

Although it won't be useful for my current experiment, since the target is
hashed, I would like to know when the project goes public on github. It
might be useful for other experiments.

Thanks,

Rafael

On Wed, Jan 7, 2015 at 4:22 PM, Matt Weir <cweir@...edu> wrote:

> So if a guess is never hashed, is it actually a guess? ;p
>
> I don't know if it would be useful for you but I've been re-writing my
> password cracking simulator to be faster and my plan is to release it on
> github. Basically it takes candidate guesses as input via stdin, and then
> compares them against a list of plaintext target passwords. If the guesses
> match any of the passwords it outputs how many guesses it took to crack the
> password along with the plaintext value. There's several other output modes
> as well to make graphing the results in Excel easier. It's still faster to
> use JtR instead, (and for the matter JtR can be used against hashed
> passwords), but I find my tool useful since it makes parsing the results
> easier plus it's just a small python program so making changes is fairly
> striaghtforward.
>
> I'm not going to have access to my computer until tomorrow but if this
> sounds interesting to you I'll try to create a git project online sometime
> tomorrow night.
>
> Matt
>
> On Wed, Jan 7, 2015 at 3:51 PM, Rafael Veras <rafaveguim@...il.com> wrote:
>
> > Hi,
> >
> > I'm running an experiment with a wordlist containing 8 billion entries,
> > many of which are duplicates.
> >
> > By the end of the experiment a get the following status line:
> >
> > 1956366g *7942070363p* 0:00:21:18 1530g/s 6214Kp/s 6214Kc/s 25268GC/s
> > lyngemita..LynGemItA
> >
> > In bold is the number of password candidates tried. I expected to see
> > 8000000000 there.
> >
> > After some toy experiments, I realized John might not be counting
> > candidates that were already tried.
> >
> > From the status lines, I generate a graph with the performance of
> guessing
> > methods. Not counting duplicates artificially boosts the performance of
> > this particular guessing method, in terms of hits/guesses.
> >
> > So is it possible to easily alter this behavior, either in john.conf or
> in
> > the source code?!
> >
> > Best regards
> >
> > --
> >
> > Rafael
> >
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.