Solar Designer | 7 Aug 05:44 2008

Re: Core 2 Duo benchmarks JtR 1.7.3.1

On Wed, Jul 23, 2008 at 09:05:55AM +0530, Dhirendra Singh Kholia wrote:
> Intel Core 2 Duo E6750 @ 3.6GHz
> Linux kernel 2.6.24
> GCC 4.2.3 [64-bit]
> make linux-x86-64
> 
> Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
> Many salts:	3486K c/s real, 3493K c/s virtual
...

That's very nice.

> * Memory BW and Latency didn't make any difference in the benchmarking.

Indeed.

> Wondering if latest gcc 4.3.1 or gcc 4.4.x branch would make a difference?

Yes, it might further improve performance at MD5 and Blowfish-based
hashes, but it should not make a difference at DES-based crypt(3) hashes
(because those almost exclusively rely on the SSE2 code) and it might
affect LM hashes in a "random" way.

> < Added results to wiki >

Thank you!  You entered the wrong number in place of the single-salt
benchmark, though - I've corrected this.

Alexander


Solar Designer | 7 Aug 22:53 2008

Re: how to parse passwords with some known letters

On Sat, Jul 26, 2008 at 07:38:00PM +0200, Helmut Hullen wrote:
> I've seen that about 10% of the restored passwords end with "oo" (7 or 8  
> characters), and about 30% contain somewhere "oo".
> 
> Can I tell "John" at least the case that many passwords may end with  
> "oo"?

There are two reasonable things you can do:

1. If you have a large number of passwords already cracked, and it
sounds like you do, then generate a custom .chr file based on those
passwords (that is, on your john.pot).  This is described in the
documentation for JtR:

	http://www.openwall.com/john/doc/EXAMPLES.shtml

currently, that's example number 7.

The .chr file will have information on relative frequencies of different
character triplets, at different character positions and for different
password lengths, embedded in it.  So it will "know" that "oo" is common,
just how common it is relative to other character combinations, after
what preceding characters, in what character positions, and for what
password lengths.

2. Force JtR to try passwords ending in or containing "oo" only.  This
can be done with an external mode - either a complete one or a filter()
to be used along with another cracking mode.  The filter() could in fact
filter or it could append or insert the "oo".  You've already found some
examples of how that is done:

Markus Friedel | 13 Aug 16:56 2008

Re: Password generating tool

These scripts work great. But now, after using and testing them, I am
searching for other hash types. I tried some other hash types from
Authen::Passphrase, but it seems that john cannot handle these. I am
using john with the Markov extensions.
Any other suggestions for getting hashes with scripts like the Perl one?

Solar Designer wrote:
> On Wed, Jun 18, 2008 at 03:27:00PM +0200, Markus Friedel wrote:
>> On my way to getting John working with BOINC I have to do some tests.
>> So I need some passwords. Currently I get them by using pwgen and mkpasswd
>> this way:
>>
>> pwgen -A -0 $PWLENGTH 1 | mkpasswd -H MD5 -s >> mypassword
>>
>> The problem with mkpasswd is that I can only generate md5 and des. But I
>> want to have more algorithms to test on.
>>
>> Can somebody show me a tool that does this with more algorithms and still
>> works with john? I have tested mcrypt, but didn't get it to work with john.
> 
> I've attached a couple of Perl scripts that do what you have asked for -
> and more.  The scripts require the Authen::Passphrase module from CPAN,
> and they accept a wordlist (such as JtR's default password.lst) on
> standard input and produce /etc/passwd-like or PWDUMP-like entries on
> standard output.  This covers all of the hash types supported by JtR
> natively, and NTLM.  The plaintext passwords are placed into the GECOS
> field, which lets the "single crack" mode crack them instantly.
> 
> Alexander
> 

Markus Friedel | 13 Aug 17:05 2008

john with markov and different hash types

I am using john with Markov and distributing over the network. For that I
need to know which hash type I have to calculate the right computation
time / passwords I want to probe in a certain time. I have read the mails
on the ml about letting john pick the right passwords, but now I have to
sort them by type.
Is there a proper way to get this sorting and splitting into different
files done?

best regards
markus friedel

--

-- 
To unsubscribe, e-mail
john-users-unsubscribe@... and reply
to the automated confirmation request that will be sent to you.

Simon Marechal | 13 Aug 19:20 2008

Re: john with markov and different hash types

Markus Friedel <markus.friedel@...> wrote:
> I am using john with Markov and distributing over the network. For that I
> need to know which hash type I have to calculate the right computation
> time / passwords I want to probe in a certain time. I have read the mails
> on the ml about letting john pick the right passwords, but now I have to
> sort them by type.
> Is there a proper way to get this sorting and splitting into different
> files done?

I usually keep them in the same file and just use the -format option to
sort them.

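One way to do the splitting asked about in this thread, as an added example that is not from any poster or from JtR itself: it groups /etc/passwd-like lines by the prefix or shape of the hash field. The labels, function names and sample lines are assumptions made for this example, and the hash bodies are constructed filler.

```python
import re
from collections import defaultdict

# (label, pattern) rules, first match wins; labels are this example's own names.
RULES = [
    ("md5crypt",    re.compile(r"^\$1\$")),
    ("bcrypt",      re.compile(r"^\$2[abxy]?\$")),
    ("sha256crypt", re.compile(r"^\$5\$")),
    ("sha512crypt", re.compile(r"^\$6\$")),
    ("bsdicrypt",   re.compile(r"^_[./0-9A-Za-z]{19}$")),
    ("descrypt",    re.compile(r"^[./0-9A-Za-z]{13}$")),
]

def classify(hash_field):
    """Return a scheme label for the second field of a passwd/shadow line."""
    if hash_field in ("", "x") or hash_field[0] in "*!":
        return "no-hash"          # empty, shadowed, or locked account
    for label, pattern in RULES:
        if pattern.search(hash_field):
            return label
    return "unknown"

def split_by_type(lines):
    """Group 'user:hash[:...]' lines by hash scheme, preserving order."""
    groups = defaultdict(list)
    for line in lines:
        line = line.rstrip("\n")
        fields = line.split(":")
        if len(fields) < 2:
            continue              # blank or malformed line
        groups[classify(fields[1])].append(line)
    return dict(groups)

def write_groups(groups, prefix):
    """Write each group to '<prefix>.<label>' and return the file names."""
    for label, lines in groups.items():
        with open(f"{prefix}.{label}", "w") as fh:
            fh.write("\n".join(lines) + "\n")
    return sorted(f"{prefix}.{label}" for label in groups)

# Constructed sample: the hash bodies are filler of the right shape only.
SAMPLE = [
    "alice:ab" + "A" * 11 + ":1000:1000::/home/alice:/bin/sh",
    "bob:$1$saltsalt$" + "B" * 22 + ":1001:1001::/home/bob:/bin/sh",
    "carol:$5$salt$" + "C" * 43 + ":1002:1002::/home/carol:/bin/sh",
    "dave:$6$salt$" + "D" * 86 + ":1003:1003::/home/dave:/bin/sh",
    "erin:*:1004:1004::/home/erin:/bin/sh",
]
```

PWDUMP-like lines keep their hashes in different fields and would need their own rule.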

Murat D. Kadirov | 16 Aug 21:50 2008

jtr and openmpi 1.2.3

I am trying to compile jtr together with openmpi 1.2.3. I compiled the last
release from http://www.openwall.com/john/, with the patch from
http://www.bindshell.net/tools/johntheripper and openmpi 1.2.3. I run
'john shadow' and, in a terminal, top, and I see that only one of the four
kernels works for me (I have a Core 2 Quad Q6600). What am I doing wrong,
and how can I make all four kernels work?

Thanks.
-- 
Murat D. Kadirov

Murat D. Kadirov | 16 Aug 23:39 2008

Re: jtr and openmpi 1.2.3

01:50 Sun 17 Aug, Murat D. Kadirov wrote:
> I am trying to compile jtr together with openmpi 1.2.3. I compiled the last
> release from http://www.openwall.com/john/, with the patch from
> http://www.bindshell.net/tools/johntheripper and openmpi 1.2.3. I run
> 'john shadow' and, in a terminal, top, and I see that only one of the four
> kernels works for me (I have a Core 2 Quad Q6600). What am I doing wrong,
> and how can I make all four kernels work?

I tried the pre-patched version john-1.7.3.1-mpi8.tar.gz from
http://www.bindshell.net/tools/johntheripper. Same result. I run:

murat[run]$ mpirun -np 4 ./john shadow

Nothing happens. When I stop it (Ctrl^C) I get errors:

^Cmpirun: killing job...

[darkstar:19492] [0,0,0] ORTE_ERROR_LOG: Timeout in file
base/pls_base_orted_cmds.c at line 275
[darkstar:19492] [0,0,0] ORTE_ERROR_LOG: Timeout in file
pls_rsh_module.c at line 1164
--------------------------------------------------------------------------
WARNING: mpirun has exited before it received notification that all
started processes had terminated.  You should double check and ensure
that there are no runaway processes still executing.
--------------------------------------------------------------------------

In the process table (top) john does not appear. :/


RB | 17 Aug 21:15 2008

Re: jtr and openmpi 1.2.3

On Sat, Aug 16, 2008 at 3:39 PM, Murat D. Kadirov <banderols@...> wrote:
> 01:50 Sun 17 Aug, Murat D. Kadirov wrote:
>> I am trying to compile jtr together with openmpi 1.2.3. I compiled the last
>> release from http://www.openwall.com/john/, with the patch from
>> http://www.bindshell.net/tools/johntheripper and openmpi 1.2.3. I run
>> 'john shadow' and, in a terminal, top, and I see that only one of the four
>> kernels works for me (I have a Core 2 Quad Q6600). What am I doing wrong,
>> and how can I make all four kernels work?
>
> I tried the pre-patched version john-1.7.3.1-mpi8.tar.gz from
> http://www.bindshell.net/tools/johntheripper. Same result. I run:
>
> murat[run]$ mpirun -np 4 ./john shadow
>
> Nothing happens. When I stop it (Ctrl^C) I get errors:

The problem is that the MPI patches expect the end user to be at least
marginally familiar with running an MPI environment.  That said, the
most likely explanation is that you failed to initialize your MPI
environment by running 'mpd' before using 'mpirun' - mpd is the
traditional MPI management daemon and has to be running before you'll
get anything going.

This is far more MPI-specific than JtR-specific, but I suppose it
ought to be added to the parallelization page anyway, since it (and
Gentoo's recent addition of the 'mpi' USE keyword) are likely to bring
in a bunch of MPI-inexperienced users.  They also insisted on openmpi
instead of mpich2, since the developer responsible had a bad
experience in interop between PPC and x86 machines on mpich2.  *sigh*


Adam Turk | 20 Aug 21:23 2008

generating a wordlist with john


Hello,

I am running into an issue with john 1.7.2 for Linux.  If I use the command:
john --incremental=All --stdout=1
I get 96 words
Shouldn't it be 95?  26 lower + 26 upper + 10 number + 33 specials = 95

If I use:
john --incremental=All --stdout=2
I get 9121 words
Shouldn't I get 96^2 which is 9216?  As you can see I am off by 95.

If I use:
john --incremental=All --stdout=3
I get 866,496 words when I think it should be 96^3 = 884,736.  I am off by 18,240 which is ((95^2) + (96^2) -1)

Am I doing something wrong?

RB | 23 Aug 01:48 2008

"new" libc crypt functions

I wasn't aware of the additions until a few weeks ago, but found out
that pam_unix now offers SHA256 ($5$) and SHA512 ($6$) hashes.  Any
thoughts on implementing them, or what the speed comparison may be to
the blowfish hashes?  Just an interesting development, it's not often
the core libraries offer new encryption methods - used to seeing TLB
or pam_unix2 for alternate hashes.

RB
