Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CADaqEgUf3q4POR+vzDPZK-mRhXB9sL5b-YC_+DyAGtcOfYyoyg@mail.gmail.com>
Date: Mon, 26 Mar 2018 17:26:59 +0000
From: kaan denizer <rkdenizer@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: John The Ripper Detailed Outputs

Hello Alexander,

Thanks for quick and detailed reply.  I am using wordlist mode without
fork. Therefore if i am not mistaken, "NoLoaderDupeCheck" was what i was
looking for exactly.

Kaan

On Mon, 26 Mar 2018 at 17:57 Solar Designer <solar@...nwall.com> wrote:

> On Mon, Mar 26, 2018 at 01:35:29PM +0000, kaan denizer wrote:
> > I am giving john the ripper a file which contains hashes of password
> which
> > may contain duplicate hashes.
> >
> > I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
> > 3.200c/s 70227C/s 123456789..abc123"
> >
> > Which represents the total number of *unique* passwords cracked over
> time.
>
> None of these figures are guaranteed to represent that.  Whether JtR
> even loads the duplicate hashes or not may vary by matching salts vs.
> not and by cracking mode.  To get the full list of cracked passwords,
> including duplicate passwords (if for different lines in the original
> password hash files - such as for different usernames), use "--show".
>
> > My question is "Is There a Way to get *total* number of passwords *(which
> > contains duplicate password counts as well)* cracked over time from
> jonh's
> > output?"
>
> In general no, because JtR itself might not know that number if it
> didn't even load the duplicate hashes (in case the salts matched, too -
> or in case of unsalted hash types).
>
> In specific cases, yes:
>
> When running "single crack" or batch mode (no cracking mode requested),
> which includes "single crack" as a first step, JtR always loads all
> hashes (even the duplicates), and then the guess count ("2g" in your
> example) and the guess rate ("1.600g/s" in your example) correspond to
> the total you ask for (including duplicates).
>
> You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in
> jumbo, to achieve the same effect as above for all cracking modes.
>
> But then there's "--fork", which may in some cracking modes (such as
> wordlist with rules) result in duplicate guesses by the different child
> processes, so the reported guess count might even be higher than the
> total number of hashes (including duplicates).  So the above two
> specific cases are only suitable for your needs when not using "--fork",
> or when you do use "--fork" then only with cracking modes that never
> produce duplicate candidate passwords (such as "--incremental" mode).
>
> My advice is that you do not rely on this status line for anything
> important.  It's a rough indication of progress.  If you need complete
> results of cracking, use "--show".
>
> Alexander
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.