John the Ripper F.A.Q.========================Q: Why "John"?A: Why not?Q: Why "the Ripper"?A: That was Lost Soul's idea. Ask him.Q: Is John the Ripper better than Crack?A: Decide yourself: John is faster, and has some extra features, but Crackis certainly good also.Q: Is John the Ripper better than Star Cracker?A: In fact, Star Cracker v1.0 is very similar to John v1.4: the main thingthat differs is their release date, so I even wondered -- why make anotherinstance of John. ;-) I won't go into detail now, but we obviously sharedsome ideas (nothing bad here), and John v1.4's DES routines are used in *C(with my permission). IMHO, both crackers had the same design problem: noeasy way to add totally new algorithms in, such as new ciphertext formats,and bitslice DES. By the time of *C v1.0 release, I was thinking of a newJohn structure that would allow implementing all the new good ideas at thesame time. So I contacted The SOrCErEr, and we decided that I continue thework on John v1.5, while he moves to doing other stuff instead of workingon future versions *C, since doing the same thing twice would be a wasteof time, in my opinion. Now that John v1.5 sources are split into modules,and are far easier to understand (I hope), it is possible for others, andThe SOrCErEr (who is obviously a talented coder), to join the developmentof an even better password cracker. We'll see. For the original question:I think that John v1.5 is now better than *C v1.0.Q: Is John the Ripper better than Cracker Jack?A: Yes.Q: Will there be a Pentium optimized version of John?A: You've got it already.Q: How can I test John's password hashing routines for proper operation?A: John always tests itself when you run it on a password file and reportsif an error occurs. If you need just to test all the routines, use John's'-test' command line option.Q: How do I use a cracking mode, see the passwords it cracked, etc?A: See doc/EXAMPLES. :-)Q: Why doesn't John load my password file? It says 'Loaded 0 passwords'.A: Your password file is probably shadowed. You need to get both passwdand shadow files, and combine them into one for use with John. Also, youmight get the same message if your password file or ciphertext format isnot supported by John.Q: How do I unshadow?A: See doc/EXAMPLES on how to combine your passwd and shadow files. If youdon't have root access, there's no answer for you here. ;-) This isn't thepurpose of this FAQ. You'd better just erase John if you asked that.Q: Why doesn't John display a progress indicator for the incremental mode?A: Do you really want to see a 0% all the time? You probably need to readdoc/MODES once again if you asked this.Q: Why does John display meaningless c/s values while cracking, instead ofreal crypt()s per second rate?A: The values displayed by John mean combinations (of login and password)per second, not crypt()s per second. This is the effective cracking speedyou get on particular password files, and may be useful, for example, toadjust the value you use with the '-salts' option. If you want a benchmarkof the password hashing routines only, use the '-test' option.Q: I just noticed that the c/s values shown while using incremental modeare a lot less than they're in other cracking modes. They're even lessthan they were in John v1.0. What has happened?A: You're probably running John for a few seconds only. My new incrementalmode implementation uses large character sets which need to be expandedeach time John switches to a different password length. Fortunately, thisis only noticable when John has just started, since it rarely switches toa new password length when cracking for some hours already. I think thisisn't a high price for the better order of password tries.Q: Does John support parallel processing?A: I have a separate project for that. There's no real parallel processingsupport in John right now, but you can however use an external word filterfor that purpose -- see the default configuration file for an example.Q: Where do I get the wordlists?A: You can find some at ftp://sable.ox.ac.uk/pub/wordlists.Q: What is the primary site for John?A: http://www.false.com/security/john/.Q: How can I contact you?A: See doc/CREDITS.