Openwall Community Wiki john

Some cryptographic algorithms explained

The following wiki pages were contributed by Alain Espinosa. They're full of English grammar errors (Alain is obviously not a native English speaker) - please feel free to correct those. The cryptographic algorithms being described are supported in “jumbo patches” for JtR. Other than that, they're not specific to JtR.

MD4 Algorithm

MD4 Algorithm Description wp>MD4 is an hash algorithm (the four in series) created by Ronald Rivest in MIT at 1990. The hash has a length of 128 bits. The algorithm has influenced posterior design like wp>MD5, SHA family and wp>RIPEMD. Algorithm Based on RFC 1320.

MSCash Algorithm

MSCash Algorithm Description What happens when you are in front of a wp>Windows machine, which has a domain account and you can't access the domain (due to network outage or domain server shutdown)? wp>Microsoft solved this problem by saving the hash(es) of the last user(s) that logged into the local machine. These hashes are stored in the Windows registry, by default the last 10 hashes.

NTLM Algorithm

NTLM Algorithm Description This is the format for save the passwords in modern wp>Windows. The hash length are 128 bits and work for local account and Domain account (Active Directory account). Algorithm Parameter: Message which is the string to hash. Output: Hash value which is a 128 bits value(4 integers of 32 bits).

John the Ripper benchmarks

Initially, this page will be the place to collect and share trivial john --test benchmarks on different systems. At a later time, it may make sense to turn it into a namespace with sub-pages for john --test benchmarks (only c/s rate matters) and actual cracking runs (lots of things matter). Also, the underlying data may be uploaded/collected (e.g., exact john --test outputs, /proc/cpuinfo off of Linux systems, john.log files).

Custom builds of John the Ripper

Listed below are user-contributed custom builds that have been uploaded directly to this wiki. They have not been verified by the Openwall team in any way. Please use them at your own risk. For user-contributed custom builds that have been briefly looked at by Openwall file archive administrators, please refer to the contributed resources list on the JtR homepage and to per-OS subdirectories of the john/contrib/ directory in the file archive. Nevertheless, your possible use of those is also …

JtR Development

This section contains information useful for those who might wish to understand the internals of JtR, or develop new functionality. JtR compilation process explained If you're new to JtR as I was, you might find yourself with nice clean compiles that run 'out of the box' (thanks to the design), but no idea what's really going on in the compilation process. If you want to put the JtR code into an IDE like NetBeans to understand this software better by debugging it, you'll need to know more abo…

How to extract John the Ripper source code from tarballs

John the Ripper source code is distributed in the form of tarballs (tar archives) compressed with either gzip or bzip2. On a Unix-like system with GNU tar (or on Cygwin if you use Windows), please use the following command for gzip-compressed tarballs:

John the Ripper licensing

John the Ripper is released under GNU GPL v2, with portions also available under more relaxed terms. John the Ripper Pro is released under a commercial license. Now, as it relates to code contributions from the user community, which is the primary topic for this wiki page, things get trickier. Many contributors did not care to either explicitly place their code in the public domain or include/specify a license for it. This has been addressed by a Debian package maintainer approaching the con…

Most useful and currently relevant excerpts from john-users mailing list

The subscription instructions for the john-users mailing list and links to full archives are available on the JtR homepage. The unsubscription instructions are available on this wiki. The following are links to some selected postings: * Cracking SMTP's AUTH CRAM-MD5 exchanges (2010/07/27) * Cracking sniffed LM and NTLM challenge/response exchanges (2010/07/09) * Bitslice DES parallelization with OpenMP for multi-salt crypt(3) (2010/06/30) * ...and for single-salt crypt(3) and LM has…

Markov generator

The assumption behind this theory is that people can remember their passwords because there is a hidden Markov model in the way they are generated. This paper was the source of inspiration for this patch. The basic hypothesis is that the probability that a letter appears at position n is a function of the letter at position (n-1) . This models the fact that it is more likely to find after a c the letter h than the letter z.

Parallel and distributed processing with John the Ripper

One of the most common questions in the computing domain is “Can I use multiple processes or cores to increase speed?” In particular, problems that are time-sensitive or would take a relatively unreasonable amount of time to solve (wp>NP-complete) receive a lot of attention; password cracking is no different.

Contributed patches for John the Ripper

This is the page and DokuWiki namespace to upload unofficial JtR patches to (yes, the wiki supports file uploads). Please do. Links to external websites with JtR patches are also acceptable. Significant updates to this wiki page (such as newly added patches) are to be announced on the john-users mailing list (in addition to updating the wiki page, not instead of that).

!!!OLD!!! Contributed patches for John the Ripper

NOTE, 'current' patches are found at Contributed patches for John the Ripper These are 'old' patches. Kept here for history. These were released on the Wiki, and when outdated by v2 (or replacement) diffs, the old stuff should be dropped here.

Sample password hash encoding strings

This wiki page is meant to be populated with sample password hash encoding strings and the corresponding plaintext passwords, as well as with info on the hash types. Relevant file formats (such as /etc/passwd, PWDUMP output, Cisco IOS config files, etc.) may also be mentioned.

John the Ripper step-by-step tutorials for end-users

Tutorials maintained on this wiki: * Cracking/auditing user passwords on recent Ubuntu, Fedora, and some Solaris 10+ (SHA-crypt) (basic to intermediate) * How to retrieve and audit password hashes from remote Linux servers (intermediate) External links (English):

How to unsubscribe from the john-users mailing list

If you ever wish to unsubscribe from the john-users mailing list, you may do so by sending any message (empty will do) from your subscribed address to and then “replying” to the automated confirmation request (this is needed to prevent someone else from unsubscribing you).

John the Ripper advanced usage examples and compile-time hacks

Usage examples First of all, you ought to have a look at the examples included in the official documentation for JtR. This wiki page is for additional usage examples, hopefully more advanced ones. * How to instantly crack NTLM hashes (case-sensitive) given cracked LM ones (2006/07/08)