Why John the Ripper is so slow with simple password?
Yes, that is pretty common since John uses either a Dictionary Attack or Brute-force. Neither of which are terribly fast, especially against many modern hashing algorithms running on a single thread (running some hashes is expensive, as @DavidSchwartz mentions).
John without arguments also uses pretty slow methods, from the FAQ:
Q: How long should I expect John to run?
A: It primarily depends on the cracking mode(s) and on your password files (in particular, the type of hashes and the number of different salts, if applicable). Most importantly, you should note that the "incremental" mode, which a default John run (with no command line options) proceeds with after being done with the quicker checks, is not supposed to terminate in a reasonable time.
One option to try to squeeze out better performance is to enable parallelization with --fork=N (N is number of processes) or --node. See the options list for details on those.
Theoretically, if you have two threads running semi-intelligently - your execution time should be cut in ~half. (Note the qualifier "theoretically", YMMV in the real world)
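To put numbers on why a fast hash and a slow hash behave so differently, the following added example (not part of the original answer) estimates worst-case exhaustive-search time from a measured guess rate. The 175 comparisons per second and the four-lowercase-letter case are taken from the comments on this page; the function names and the ideal linear scaling across processes are assumptions.

```python
# Added example: worst-case exhaustive-search time from a measured guess rate.
# RATE and the 4-lowercase-letter case come from the thread; the function
# names and the ideal-scaling model are illustrative assumptions.
import string

YEAR = 365 * 86400


def keyspace(charset_size: int, min_len: int, max_len: int) -> int:
    """Count every candidate of each length from min_len to max_len."""
    if charset_size < 1 or min_len < 1 or max_len < min_len:
        raise ValueError("invalid charset size or length range")
    return sum(charset_size ** n for n in range(min_len, max_len + 1))


def worst_case_seconds(charset_size, min_len, max_len, rate, processes=1):
    """Seconds to try every candidate, assuming perfectly linear scaling
    across processes (the 'theoretical' halving the answer mentions)."""
    if rate <= 0 or processes < 1:
        raise ValueError("rate must be positive and processes >= 1")
    return keyspace(charset_size, min_len, max_len) / (rate * processes)


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", YEAR), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds:.1f} seconds"


if __name__ == "__main__":
    RATE = 175                            # comparisons/second from the thread
    lower = len(string.ascii_lowercase)   # 26
    cases = [
        ("exactly 4 lowercase, 1 process", lower, 4, 4, 1),
        ("exactly 4 lowercase, 2 processes", lower, 4, 4, 2),
        ("1 to 4 lowercase, 1 process", lower, 1, 4, 1),
        ("exactly 8 lowercase, 1 process", lower, 8, 8, 1),
    ]
    for label, size, lo, hi, procs in cases:
        secs = worst_case_seconds(size, lo, hi, RATE, procs)
        print(f"{label:34s} {keyspace(size, lo, hi):>15,d} candidates  "
              f"{human(secs)}")
```

The eight-letter row shows why an unrestricted incremental run against an expensive hash does not finish in a useful time, and why narrowing the character set and length matters more than doubling the process count.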
JZ555
Updated on September 18, 2022
Comments
-
JZ555 over 1 year
I'm using John the Ripper version 1.7.8 on Linux Ubuntu to crack Linux user passwords as an exercise. I run the Linux on a virtual machine. I created a user called "User1" on the system and set a password "axby" for it. Then I got the password hash with the usual command:
root@machine:~# unshadow /etc/passwd /etc/shadow > filetocrack
Then I run John with command:
root@machine:~# john filetocrack
As I'm writing this question the program has run like 30 minutes trying to guess a simple 4-letter password. Is this normal? Or have I done something wrong? Any suggestions to speed things up would be appreciated.
-
David Schwartz about 10 years
Your system probably uses a very secure password hash that makes each trial expensive. What are your JtR speed metrics?
-
JZ555 about 10 years
175 comparisons per second on the average. I don't know much about the security of the password hash. When I run John it says: "Loaded 1 password hashes with 1 different salts (generic crypt(3) [?/64])". Does that say anything to you?
-
David Schwartz about 10 years
At 175 comparisons per second, even if it knew the password consisted of precisely four lower case letters, it would still take 43 minutes to try them all.
-
JZ555 about 10 years
So basically what happens with my password is that John tries searching it very slowly from the dictionary and after 20 minutes or so the incremental mode kicks in. But without any restrictions the incremental mode is pretty much useless since the logic is to start testing with 8-letter words. Maybe I should just try another tool for the job... Any suggestions?
-
nerdwaller about 10 years
Are you going for speed or simply academic reasons of verifying your own security? I can give any great suggestions other than running in parallel and being more explicit in John's parameters.