# -Solved- John the Ripper time to crack all 8 char words

## OdinsDream

When John the Ripper is running, there's a value labelled "c/s"

is this Crypts per Second, Characters per Second, or what?

I'm running an incremental job, and I wanted to get an idea of the estimated runtime. I did some calculations assuming that the c/s was the number of passwords checked per second. I came up with many thousands of years as a runtime. I hope I didn't do something wrong. heh...

Any ideas? Here's a line of the output:

```

guesses: 0  time: 4:21:21:54  c/s: 88243  trying: JRNny4s - JAnzsy3

```

----------

## waverider202

C/S is crypts per seconds.  You didn't think you were gonna hack the world, now did you?  It seems really slow, but the hashes used by linux/bsd are very strong.  My best advice for you is to run the program on a bunch of passwords at once.  jtr will crypt a password, then try it against every crypted password in the file.  If you run jtr against a file with 1 password in it, waiting for it to finish, it'll take you milenia to crack passwords.

----------

## casper

broot hacking takes a looooot of time. That's why people use clusters for that :-p

 *Quote:*   

> waverider202
> 
> Location: Drexel University

 

what year are you?  :Smile: 

----------

## OdinsDream

 *waverider202 wrote:*   

> C/S is crypts per seconds.  You didn't think you were gonna hack the world, now did you?  It seems really slow, but the hashes used by linux/bsd are very strong.  My best advice for you is to run the program on a bunch of passwords at once.  jtr will crypt a password, then try it against every crypted password in the file.  If you run jtr against a file with 1 password in it, waiting for it to finish, it'll take you milenia to crack passwords.

 

Hardly trying to hack the world, here. So, am I doing my math right here?

88243 * 60 * 60 = 317,674,800 crypts/hour

Possible 8-char combinations, given 102 key keyboard (conservative, I know):

102^8 = 1.17 x 10^16

So, that's 36,882,352 hours to exhaust keyspace...which comes to...

4,210 years?

----------

## puddpunk

Well, considering a 102 key keyboard contains over 20 chars that do not create printable characters, that result is a high estimate. According to the study below, there are 64 "typeable" chars on a keyboard that can be used in passwords.

Here's a little tidbit I found on relative password strength and cracking times:

```
Password lengths from 3 to 12 are shown. The numbers at the top, 26 - 94,

indicate the number of characters from which the passwords are formed.

26 is the number of lower case letters, 36 is letters and digits,

52 is mixed case letters, 68 is single case letters with digits, symbols

and punctuation, and 94 is all the displayable ASCII characters including

mixed case letters. The times shown are the times to process the entire

set of passwords thus the average time to crack passwords would be one

half the listed times.

100,000 passwords/second.

        26               36                52          

 3 0.18 seconds     0.47 seconds      1.41 seconds  

 4 4.57 seconds     16.8 seconds      1.22 minutes  

 5 1.98 minutes     10.1 minutes      1.06 hours    

 6 51.5 minutes     6.05 hours        13.7 days     

 7 22.3 hours       9.07 days         3.91 months   

 8 24.2 days        10.7 months       17.0 years    

 9 1.72 years       32.2 years        8.82 centuries

10 44.8 years       1.16 millennia    45.8 millennia 

11 11.6 centuries   41.7 millennia   2,384 millennia 

12 30.3 millennia  1,503 millennia 123,946 millennia 

              68                   94 

 3      3.14 seconds           8.3 seconds

 4      3.56 minutes          13.0 minutes

 5      4.04 hours            20.4 hours

 6      2.26 months           2.63 months

 7      2.13 years            20.6 years

 8      1.45 centuries        1.93 millennia

 9      9.86 millennia         182 millennia

10       670 millennia      17,079 millennia

11    45,582 millennia   1,605,461 millennia

12 3,099,562 millennia 150,913,342 millennia
```

Source

----------

## kashani

The point of the John the Ripper is to get the easy passwords. This ain't Windows NT here with a weak hash that can be brute forced in mere days. I wouldn't even try John as a brute force cracker against good *nix password hashes, which is why it primarily is used in its dictionary mode. 

John is normally used by sys admins to make sure that users with weak passwords, anything that John finds within a few weeks, get changed.

kashani

----------

## waverider202

Casper, I'm a 3rd year Computer Science major on my second co-op.

----------

