I have downloaded and installed John and everything seemed OK for the installation. I started John and it said something about only needing to test 4 passwords with 4 different salts. Not sure what "salts" means, but anyway...

I ran it for just a few minutes before it cracked one of my passwords. Cool.. I know it's working. But after another 7 hours, it still hadn't finished. I ended up killing the process and restarting. Now it says I only need to test 3 of them. I guess that's because it already cracked one of them and now it's working on the other 3.

When I run John now, it says something like what I'm showing below. Every few minutes i would hit a key on the keyboard just to see what it was doing. Here's what it says...

Loaded 3 passwords with 3 different salts (FreeBSD MD5 [32/32])
guesses: 0 time: 0:00:00:36 28% (2) c/s: 2674 trying: symbol5
guesses: 0 time: 0:00:00:42 32% (2) c/s: 2674 trying: dookie6
guesses: 0 time: 0:00:00:51 41% (2) c/s: 2673 trying: pckrs
guesses: 0 time: 0:00:00:57 48% (2) c/s: 2674 trying: Nedlog
guesses: 0 time: 0:00:01:04 53% (2) c/s: 2675 trying: 2isabelle
guesses: 0 time: 0:00:01:52 89% (2) c/s: 2675 trying: fictioned
guesses: 0 time: 0:00:02:09 (3) c/s: 2643 trying: salach
guesses: 0 time: 0:00:02:28 (3) c/s: 2625 trying: supped
guesses: 0 time: 0:00:04:04 (3) c/s: 2594 trying: mediande


This looks weird. It's not showing percentages now. I'm not sure if this is bad or not. I looked high and low for some documentation for John but I couldn't find much of anything on their website. I don't know if this was because (A) I wasn't looking hard enough, or (B) their website could use an overhaul to make sure the information is easier to find or (C) they don't offer documentation. If they do, I will gladly kick myself in the goodies for posting such a doofus question.

The question is... how long is John supposed to run before I should assume it's not doing anything. And should I be concerned about the fact that it keeps saying "guesses: 0" for all of them. Finally, where can I find some good info about running John on Linux.

Thanks in advance and sorry for such a noob question.

I left it running for a while. here's the new output... sure seems like it's not doing anything.

guesses: 0 time: 0:00:00:06 5% (2) c/s: 2658 trying: mickeys
guesses: 0 time: 0:00:10:16 (3) c/s: 2650 trying: maj75
guesses: 0 time: 0:01:19:56 (3) c/s: 2671 trying: scoopeck
guesses: 0 time: 0:02:27:54 (3) c/s: 2667 trying: todfger

The salts you are reffering too are the different type ie md5 etc,

Depending on the make up of the password it will be quicker to attack for example

dog wouldnt take very long
whereas

h1iU53m3d0d4yp455w0rd5 would take a pretty long time

If you, you can forward me your password file and i'll crack it on my 7 3.2 ghz cluster

(joke i wish i had 1 3.2ghz letr alone 7 in a cluster)

Depending on how long the passwords are, it could take a long time.

If you have a 1 character password, and you include all letters, case sensitive and numbers, then there are 62 possible combinations. If you have 2 character passwords, then there are 62^2 possible combinations. If you have 10 characters, there are 62^10 possible combinations. So it might take a few days to brute-force a 10 letter password.

If you include pound signs, exclamation points, etc, then it can take even longer.

In other words, JTR is a neat toy, but don't count on it to crack a real-life password that someone has made up to be strong and avoid this type of brute-force attack in your life-time. I have seen one of PGP that does the same type of deal. Hmmmmm passphase = password + much longer.... no I don't think I'll be running that one anytime soon.