[plug] john the ripper
Matt Kemner
zombie at penguincare.com.au
Wed Jul 6 22:09:38 WST 2005
Hi Bill
> Thanks Matt, all good info, most of which has been not obvious in the
> sources I checked. One discrepancy - you say you can do 100,000 c/s
> with john but I am showing much less - can you confirm the figures you
> give?
Yes, but that's using old-school DES encryption for the passwords, not
this new-fangled MD5 thing :)
As I said it was a lifetime (or two) ago that I last used john on a
regular basis.
live:~/JOHN# ls -la john
-rwxr-xr-x 1 root root 137980 Jul 13 1999 john*
live:~/JOHN# ./john -incremental oldshadow
Loaded 31 passwords with 31 different salts (Standard DES [48/64 4K])
guesses: 0 time: 0:00:00:05 c/s: 65868 trying: jwk - comessam
guesses: 0 time: 0:00:00:11 c/s: 90263 trying: shadial - cattema
guesses: 0 time: 0:00:01:42 c/s: 106695 trying: zhi - 9oi
And from ./john -test :
Benchmarking: Standard DES [48/64 4K]... DONE
Many salts: 111692 c/s real, 112821 c/s virtual
Only one salt: 106112 c/s real, 106112 c/s virtual
...
Benchmarking: FreeBSD MD5 [32/32]... DONE
Raw: 1958 c/s real, 1954 c/s virtual
> running without nice gives a solid 2916 c/s each time
Interesting that you only get 50% better speed than this old PIII
> Found some docs installed with it and it appears that it doest use all
> possible characters by default - seems like something simple has turned
> "difficult"
Trying all characters should be (or at least was) the default, but you can
always force it with:
john -incremental:all
>From doc/EXAMPLES:
"In the configuration file
supplied with John these parameters are to use the full 95 character set,
and to try all possible password lengths, from 0 to 8."
- Matt(who should probably go and grab a more recent version for purposes
of this discussion ;)
More information about the plug
mailing list