List:       john-users
Subject:    [john-users] behavior when no mode is requested (batch mode)
From:       Solar Designer <solar () openwall ! com>
Date:       2006-09-10 12:47:01
Message-ID: 20060910124701.GA14009 () openwall ! com

I've changed the Subject.  Please try to use short but descriptive
message Subjects on your questions.

On Sat, Sep 09, 2006 at 08:44:34PM +0200, websiteaccess wrote:
>  I don't understand that syntax
> 
>  ./john -format=raw-md5 mypass.txt

You did not read the documentation carefully enough.  Here are some
quotes.  The very first example on the README is -

| To run John, you need to supply it with some password files and
| optionally specify a cracking mode, like this, using the default order
| of modes and assuming that "passwd" is a copy of your password file:
| 
| 	john passwd

In OPTIONS, it is said that -

| You can list any number of password files right on the command line of
| "john".  You do not have to specify any options.  If valid password
| files are specified but no options are given, John will go through
| the default selection of cracking modes with their default settings.

CONFIG describes a configuration file option used when JtR is invoked
with no cracking mode requested -

| Wordlist = FILENAME
| 
| Set this to your wordlist file name, to be used in batch mode (which is
| activated when you start John with password files, but not specifying a
| cracking mode).  The default is "$JOHN/password.lst", that is, the file
| named "password.lst" in John's "home directory".

EXAMPLES also gives this as the very first JtR usage example (right
after suggestions on how to obtain a copy of your password file) -

| 2. Now, let's assume you've got a password file, "mypasswd", and want to
| crack it.  The simplest way is to let John use its default order of
| cracking modes:
| 
| 	john mypasswd
| 
| This will try "single crack" mode first, then use a wordlist with rules,
| and finally go for "incremental" mode.  Please refer to MODES for more
| information on these modes.

> is it the same thing as  "./john -format=raw-md5 -i:all" ?

No.  Currently, "batch mode", which is activated when JtR is invoked
with no cracking mode requested explicitly, consists of three passes:

1. "Single crack" mode.

2. Wordlist mode with word mangling rules enabled, using the wordlist
specified with "Wordlist = ..." in john.conf (or john.ini).

3. "Incremental" mode using either the settings for "[Incremental:All]"
or "[Incremental:LanMan]" (the latter when cracking LM hashes).

> Loaded 1 password hash (Raw MD5 [raw-md5])
> guesses: 0  time: 0:00:00:02 1% (2)  c/s: 599478  trying: {arvo}
...
> guesses: 0  time: 0:00:03:10 95% (2)  c/s: 465223  trying: puddy858
> guesses: 0  time: 0:00:03:20 (3)  c/s: 462393  trying: 195d

The number in braces is the current batch mode pass number - 1 to 3.
This is not well documented, but it is briefly mentioned in this FAQ
entry -

| Q: I am running John for 10 days and it is still not finished?!
| Q: How long should I expect John to run?
| A: It primarily depends on the cracking mode(s) and on your password
| files (in particular, the type of hashes and the number of different
| salts, if applicable).  Most importantly, you should note that the
| "incremental" mode, which a default John run (with no command line
| options) proceeds with after being done with the quicker checks, is not
| supposed to terminate in a reasonable time.  It is up to you to decide
| how long you're going to let it run, then consider any uncracked
| passwords strong enough.  "Single crack" mode runs typically take from
| under a second to one day (depending on the type and number of password
| hashes).  Wordlist mode runs may also be quick (under a second) for
| tiny wordlists and fast hashes or they may take multiple days with large
| wordlists, with word mangling rules, and with slow hash types and
| substantial numbers of different salts.  The status line John reports
| whenever you hit a key includes a progress indicator (percent complete)
| for "single crack" and wordlist modes.  With no cracking mode requested
| explicitly, John will start with "single crack" mode (pass 1), then
| proceed with wordlist mode (pass 2), and finally with "incremental" mode
| (pass 3).  The pass numbers are reported on the status line, too.  It is
| reasonable to let John reach "incremental" mode (pass 3) and run that
| for a while (some days).  You will notice that John's success rate (the
| number of passwords cracked per hour or per day) will be dropping
| rapidly.  When you determine that the success rate is low enough, you
| interrupt John.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar
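
The status lines quoted in the message above can be read mechanically to see which batch mode pass a run is in. The following is an added example, not part of the original message and not code from John the Ripper; the function names are hypothetical, and it assumes the time field is D:HH:MM:SS and c/s is a plain integer, as in the lines quoted in this thread.

```python
import re

# Pass numbers as described in the message: batch mode runs "single crack",
# then wordlist mode with rules, then "incremental".
BATCH_PASSES = {1: "single crack", 2: "wordlist with rules", 3: "incremental"}

# Percent and pass number are both optional: the pass 3 line in the thread
# has no percent, and a run with an explicit mode shows no pass number.
STATUS_RE = re.compile(
    r"guesses:\s*(?P<guesses>\d+)\s+"
    r"time:\s*(?P<d>\d+):(?P<h>\d+):(?P<m>\d+):(?P<s>\d+)"
    r"(?:\s+(?P<pct>\d+)%)?"
    r"(?:\s+\((?P<pass>\d+)\))?"
    r"\s+c/s:\s*(?P<cps>\d+)"
    r"\s+trying:\s*(?P<trying>.*)$"
)

def parse_status(line):
    """Parse one status line; return a dict, or None if it is not one."""
    m = STATUS_RE.search(line.strip())
    if m is None:
        return None
    d, h, mi, s = (int(m.group(k)) for k in ("d", "h", "m", "s"))
    pass_no = int(m.group("pass")) if m.group("pass") else None
    return {
        "guesses": int(m.group("guesses")),
        "elapsed_s": ((d * 24 + h) * 60 + mi) * 60 + s,  # assumed D:HH:MM:SS
        "percent": int(m.group("pct")) if m.group("pct") else None,
        "pass": pass_no,
        "mode": BATCH_PASSES.get(pass_no, "no batch pass shown"),
        "cps": int(m.group("cps")),
        "trying": m.group("trying"),
    }

def pass_start_times(lines):
    """Elapsed seconds at which each batch pass was first observed."""
    seen = {}
    for line in lines:
        st = parse_status(line)
        if st and st["pass"] is not None:
            seen.setdefault(st["pass"], st["elapsed_s"])
    return seen

# Status lines as quoted in the thread (leading "> " quoting kept).
SAMPLE = [
    "> Loaded 1 password hash (Raw MD5 [raw-md5])",
    "> guesses: 0  time: 0:00:00:02 1% (2)  c/s: 599478  trying: {arvo}",
    "> guesses: 0  time: 0:00:03:10 95% (2)  c/s: 465223  trying: puddy858",
    "> guesses: 0  time: 0:00:03:20 (3)  c/s: 462393  trying: 195d",
]
```

Once pass 3 appears in `pass_start_times(SAMPLE)`, the run is in "incremental" mode, which per the FAQ entry quoted above is not supposed to terminate in a reasonable time, so any wrapper script has to apply its own stopping rule.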
