[prev in list] [next in list] [prev in thread] [next in thread]
List: john-users
Subject: [john-users] behavior when no mode is requested (batch mode)
From: Solar Designer <solar () openwall ! com>
Date: 2006-09-10 12:47:01
Message-ID: 20060910124701.GA14009 () openwall ! com
[Download RAW message or body]
I've changed the Subject. Please try to use short but descriptive
message Subjects on your questions.
On Sat, Sep 09, 2006 at 08:44:34PM +0200, websiteaccess wrote:
> I don't understand that syntax
>
> ./john -format=raw-md5 mypass.txt
You did not read the documentation carefully enough. Here are some
quotes. The very first example on the README is -
| To run John, you need to supply it with some password files and
| optionally specify a cracking mode, like this, using the default order
| of modes and assuming that "passwd" is a copy of your password file:
|
| john passwd
In OPTIONS, it is said that -
| You can list any number of password files right on the command line of
| "john". You do not have to specify any options. If valid password
| files are specified but no options are given, John will go through
| the default selection of cracking modes with their default settings.
CONFIG describes a configuration file option used when JtR is invoked
with no cracking mode requested -
| Wordlist = FILENAME
|
| Set this to your wordlist file name, to be used in batch mode (which is
| activated when you start John with password files, but not specifying a
| cracking mode). The default is "$JOHN/password.lst", that is, the file
| named "password.lst" in John's "home directory".
EXAMPLES also gives this as the very first JtR usage example (right
after suggestions on how to obtain a copy of your password file) -
| 2. Now, let's assume you've got a password file, "mypasswd", and want to
| crack it. The simplest way is to let John use its default order of
| cracking modes:
|
| john mypasswd
|
| This will try "single crack" mode first, then use a wordlist with rules,
| and finally go for "incremental" mode. Please refer to MODES for more
| information on these modes.
> is it the same thing as "./john -format=raw-md5 -i:all" ?
No. Currently, "batch mode", which is activated when JtR is invoked
with no cracking mode requested explicitly, consists of three passes:
1. "Single crack" mode.
2. Wordlist mode with word mangling rules enabled, using the wordlist
specified with "Wordlist = ..." in john.conf (or john.ini).
3. "Incremental" mode using either the settings for "[Incremental:All]"
or "[Incremental:LanMan]" (the latter when cracking LM hashes).
> Loaded 1 password hash (Raw MD5 [raw-md5])
> guesses: 0 time: 0:00:00:02 1% (2) c/s: 599478 trying: {arvo}
...
> guesses: 0 time: 0:00:03:10 95% (2) c/s: 465223 trying: puddy858
> guesses: 0 time: 0:00:03:20 (3) c/s: 462393 trying: 195d
The number in braces is the current batch mode pass number - 1 to 3.
This is not well documented, but it is briefly mentioned in this FAQ
entry -
| Q: I am running John for 10 days and it is still not finished?!
| Q: How long should I expect John to run?
| A: It primarily depends on the cracking mode(s) and on your password
| files (in particular, the type of hashes and the number of different
| salts, if applicable). Most importantly, you should note that the
| "incremental" mode, which a default John run (with no command line
| options) proceeds with after being done with the quicker checks, is not
| supposed to terminate in a reasonable time. It is up to you to decide
| how long you're going to let it run, then consider any uncracked
| passwords strong enough. "Single crack" mode runs typically take from
| under a second to one day (depending on the type and number of password
| hashes). Wordlist mode runs may also be quick (under a second) for
| tiny wordlists and fast hashes or they may take multiple days with large
| wordlists, with word mangling rules, and with slow hash types and
| substantial numbers of different salts. The status line John reports
| whenever you hit a key includes a progress indicator (percent complete)
| for "single crack" and wordlist modes. With no cracking mode requested
| explicitly, John will start with "single crack" mode (pass 1), then
| proceed with wordlist mode (pass 2), and finally with "incremental" mode
| (pass 3). The pass numbers are reported on the status line, too. It is
| reasonable to let John reach "incremental" mode (pass 3) and run that
| for a while (some days). You will notice that John's success rate (the
| number of passwords cracked per hour or per day) will be dropping
| rapidly. When you determine that the success rate is low enough, you
| interrupt John.
--
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
Was I helpful? Please give your feedback here: http://rate.affero.net/solar
--
To unsubscribe, e-mail john-users-unsubscribe@lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic