Sometimes the attacker was faster sometimes he was slower. This means that if you generate one million such passwords, and each time get the attacker to crack the chosen password, and then sum up all the times taken and divide by one million, then you will find that average times. If your password is chosen "at random" (uniformly) in a set of N possible passwords, then the average attack time will be the time it takes to compute N/2 hashes (with whatever hash function is used in your specific situation).
John the Ripper will use the provided word list, and then try "variants" of the said words, in some order which may or may not be representative of what an attacker will do.
The attacker will try a lot of passwords, and may be lucky. The important thing to understand is that password cracking time is an average. I noticed that when I do a longer cracking and press Enter in between (to show the current progress) I get a different list shown here: Using default input encoding: UTF-8Ġg 0:00:09:18 95,89% (ETA 09:27:46) 0g/s 1582Kp/s 1582Kc/s 1582KC/s 7Cbi8.
Press 'q' or Ctrl-C to abort, almost any other key for status 9999Ĭomplete output (typed, not copied, so there might be errors) Using default input encoding: UTF-8 Mean that john tried all the words in the range between 99CS and 9999? Or what should I read from this?īackground is that I have generated a wordlist with a range from aaaa to 9999 (and some modifications inbetween, that's why normal bruteforcing won't work) and then called john like this john -wordlist='wordlist.txt' -format=HMAC-SHA256 jwt.txtĪnd I would have expected the output to show asĠg 0:00:00:08 DONE ( 06:00) 0g/s 1665Kp/s 1665Kc/s 1665KC/s aaaa. Does the result output line of john the ripper show all the words tried?Ġg 0:00:00:08 DONE ( 06:00) 0g/s 1665Kp/s 1665Kc/s 1665KC/s 99CS.
0 kommentar(er)
