Discussion:
[john-users] John The Ripper Detailed Outputs
kaan denizer
2018-03-26 13:35:29 UTC
I am giving john the ripper a file which contains hashes of passwords which
may contain duplicate hashes.

I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
3.200c/s 70227C/s 123456789..abc123"

Which represents the total number of *unique* passwords cracked over time.

My question is "Is there a way to get *total* number of passwords *(which
contains duplicate password counts as well)* cracked over time from john's
output?"
Solar Designer
2018-03-26 14:51:13 UTC
Post by kaan denizer
I am giving john the ripper a file which contains hashes of passwords which
may contain duplicate hashes.
I get the john's output like this: "2g 0:00:00:01 1.600g/s 3.200p/s
3.200c/s 70227C/s 123456789..abc123"
Which represents the total number of *unique* passwords cracked over time.
None of these figures are guaranteed to represent that. Whether JtR
even loads the duplicate hashes or not may vary by matching salts vs.
not and by cracking mode. To get the full list of cracked passwords,
including duplicate passwords (if for different lines in the original
password hash files - such as for different usernames), use "--show".
Post by kaan denizer
My question is "Is there a way to get *total* number of passwords *(which
contains duplicate password counts as well)* cracked over time from john's
output?"
In general no, because JtR itself might not know that number if it
didn't even load the duplicate hashes (in case the salts matched, too -
or in case of unsalted hash types).

In specific cases, yes:

When running "single crack" or batch mode (no cracking mode requested),
which includes "single crack" as a first step, JtR always loads all
hashes (even the duplicates), and then the guess count ("2g" in your
example) and the guess rate ("1.600g/s" in your example) correspond to
the total you ask for (including duplicates).

You may also change the "NoLoaderDupeCheck = N" to "Y" in john.conf in
jumbo, to achieve the same effect as above for all cracking modes.

But then there's "--fork", which may in some cracking modes (such as
wordlist with rules) result in duplicate guesses by the different child
processes, so the reported guess count might even be higher than the
total number of hashes (including duplicates). So the above two
specific cases are only suitable for your needs when not using "--fork",
or when you do use "--fork" then only with cracking modes that never
produce duplicate candidate passwords (such as "--incremental" mode).

My advice is that you do not rely on this status line for anything
important. It's a rough indication of progress. If you need complete
results of cracking, use "--show".

Alexander
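
Added example, not part of the thread or of JtR itself: a Python sketch that reads the guess count from a status line and tallies "--show" output so the two can be compared. The sample "--show" text is constructed and assumes the input file held plain "user:hash" lines; the K/M/G rate suffix handling is also an assumption.

```python
import re
from collections import Counter

# Constructed sample data: the status line format quoted in the thread, and
# "john --show" output where alice and bob share one password (same hash twice).
STATUS = "2g 0:00:00:01 1.600g/s 3.200p/s 3.200c/s 70227C/s 123456789..abc123"
SHOW_OUTPUT = """\
alice:123456789
bob:123456789
carol:abc123

3 password hashes cracked, 1 left
"""

# "<N>g D:HH:MM:SS ... <rate>g/s"; an optional K/M/G suffix is assumed.
STATUS_RE = re.compile(
    r"^(\d+)g (\d+):(\d\d):(\d\d):(\d\d)\b.*? ([\d.]+)([KMG]?)g/s")
SUMMARY_RE = re.compile(r"^(\d+) password hash(?:es)? cracked, (\d+) left$")

def parse_status(line):
    """Return (guess count, elapsed seconds, guesses per second)."""
    m = STATUS_RE.match(line)
    if not m:
        raise ValueError("not a status line: %r" % line)
    g, d, h, mi, s, rate, suffix = m.groups()
    elapsed = ((int(d) * 24 + int(h)) * 60 + int(mi)) * 60 + int(s)
    scale = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}[suffix]
    return int(g), elapsed, float(rate) * scale

def tally_show(text):
    """Return (cracked lines incl. duplicates, unique passwords, summary)."""
    per_password = Counter()
    summary = None
    for line in text.splitlines():
        m = SUMMARY_RE.match(line)
        if m:
            summary = (int(m.group(1)), int(m.group(2)))
        elif ":" in line:
            # Split at the first colon only, so passwords containing ':'
            # survive (valid for two-field "user:password" output).
            _user, password = line.split(":", 1)
            per_password[password] += 1
    return sum(per_password.values()), len(per_password), summary

if __name__ == "__main__":
    guesses, elapsed, rate = parse_status(STATUS)
    total, unique, summary = tally_show(SHOW_OUTPUT)
    print("status line: %dg in %ds; --show: %d cracked lines, %d unique"
          % (guesses, elapsed, total, unique))
```

In this constructed case the status line reports 2 guesses while "--show" lists 3 cracked lines, which is the gap between loaded hashes and input lines described above.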
kaan denizer
2018-03-26 17:26:59 UTC
Hello Alexander,

Thanks for quick and detailed reply. I am using wordlist mode without
fork. Therefore if I am not mistaken, "NoLoaderDupeCheck" was what I was
looking for exactly.

Kaan
Solar Designer
2018-03-26 17:46:36 UTC
Post by kaan denizer
Thanks for quick and detailed reply. I am using wordlist mode without
fork. Therefore if I am not mistaken, "NoLoaderDupeCheck" was what I was
looking for exactly.
Yes, it sounds like that will work for your needs.

I assume this is for some kind of research, where accurate count is more
important than cracking more of the weak passwords.

Alexander
