I have downloaded and installed John and everything seemed OK for the installation. I started John and it said something about only needing to test 4 passwords with 4 different salts. Not sure what "salts" means, but anyway...
I ran it for just a few minutes before it cracked one of my passwords. Cool.. I know it's working. But after another 7 hours, it still hadn't finished. I ended up killing the process and restarting. Now it says I only need to test 3 of them. I guess that's because it already cracked one of them and now it's working on the other 3.
When I run John now, it says something like what I'm showing below. Every few minutes I would hit a key on the keyboard just to see what it was doing. Here's what it says...
This looks weird. It's not showing percentages now. I'm not sure if this is bad or not. I looked high and low for some documentation for John but I couldn't find much of anything on their website. I don't know if this was because (A) I wasn't looking hard enough, or (B) their website could use an overhaul to make sure the information is easier to find or (C) they don't offer documentation. If they do, I will gladly kick myself in the goodies for posting such a doofus question.
The question is... how long is John supposed to run before I should assume it's not doing anything? And should I be concerned about the fact that it keeps saying "guesses: 0" for all of them? Finally, where can I find some good info about running John on Linux?
Thanks in advance and sorry for such a noob question.
Depending on how long the passwords are, it could take a long time.
If you have a 1-character password, and you include all letters, case sensitive and numbers, then there are 62 possible combinations. If you have 2-character passwords, then there are 62^2 possible combinations. If you have 10 characters, there are 62^10 possible combinations. So it might take a few days to brute-force a 10-letter password.
If you include pound signs, exclamation points, etc, then it can take even longer.
In other words, JTR is a neat toy, but don't count on it to crack a real-life password that someone has made up to be strong and avoid this type of brute-force attack in your lifetime. I have seen one of PGP that does the same type of deal. Hmmmmm passphrase = password + much longer.... no I don't think I'll be running that one anytime soon.
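
The keyspace arithmetic from the replies above (62 symbols, 62^n candidates) carried through as an added example; it is not code from any poster or from the John the Ripper project. The guess rate of 1,000,000 hashes per second is an assumption, the function names are made up for illustration, and the salt multiplier reflects that with salted hashes each candidate has to be hashed once per distinct salt.

```python
import string

# Character set from the reply: upper- and lower-case letters plus digits = 62 symbols.
ALNUM = string.ascii_letters + string.digits
# Adding punctuation ("pound signs, exclamation points, etc") widens it to 94 symbols.
ALNUM_PUNCT = ALNUM + string.punctuation


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidates of exactly `length` characters."""
    return charset_size ** length


def keyspace_up_to(charset_size: int, max_length: int) -> int:
    """Candidates of every length from 1 to max_length (an exhaustive search covers all)."""
    return sum(charset_size ** n for n in range(1, max_length + 1))


def worst_case_seconds(candidates: int, hashes_per_second: float,
                       distinct_salts: int = 1) -> float:
    """Time to exhaust the space; every distinct salt repeats the hashing work."""
    return candidates * distinct_salts / hashes_per_second


def human(seconds: float) -> str:
    """Render a duration in the largest unit that fits."""
    for unit, size in (("years", 365 * 86400), ("days", 86400),
                       ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:,.1f} {unit}"
    return f"{seconds:.1f} seconds"


def report(hashes_per_second: float, distinct_salts: int) -> list[str]:
    """One row per (charset, max length): candidate count and worst-case time."""
    rows = []
    for name, charset in (("alnum", ALNUM), ("alnum+punct", ALNUM_PUNCT)):
        for length in (1, 2, 6, 8, 10):
            total = keyspace_up_to(len(charset), length)
            secs = worst_case_seconds(total, hashes_per_second, distinct_salts)
            rows.append(f"{name:12} <= {length:2} chars  {total:.3e} candidates  {human(secs)}")
    return rows


if __name__ == "__main__":
    # ASSUMED rate; real rates vary by orders of magnitude with hash type and hardware.
    # 3 salts matches the three uncracked hashes in the original post.
    for row in report(hashes_per_second=1_000_000, distinct_salts=3):
        print(row)
```

Change `hashes_per_second` to the rate your own hardware reports for the hash type in question; the result scales linearly with it.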