Continuing with the password cracking playlist… Today, I am going to talk about John the Ripper, a very good tool for cracking passwords. In one of the previous articles, I talked about hashcat being the fastest tool, and if that’s so, why consider other tools? I am going to answer that too, so stick with me to the end.

The John

John the Ripper (JTR) is designed to be both feature-rich and fast. It combines several cracking modes in one program and is fully configurable for your particular needs (you can even define a custom cracking mode using the built-in compiler, which supports a subset of C). John is also available for several different platforms, which enables you to use the same cracker everywhere (you can even continue a cracking session that you started on another platform).

Is he the PRO?

JTR has a pro version too. Check out their website. Actually, if your work is cracking normal-level hashes through brute force, you definitely don’t need the pro version. But hey, $40 is something you can afford to spend if you’re in the field of cracking. Now, this is not a promotion, and if you’re like me, i.e. doing cracking for general purposes, then the free version is sufficient. However, before you ask, the pro version has the following features:

  • It supports many password hashes that are not included in the free version; you can find out about them here.
  • For Windows, it has a whole separate version called Hash Suite.
  • It also supports running on some extra distributions, which are described as industry-oriented.

JTR vs Hashcat

Now comes the part where we talk about which one is better… Or, to be precise, on what basis we declare one of them the winner. To understand this, let’s first jump to the basics…

A Graphics Processing Unit (GPU) is nothing but a processor installed in a system to render graphics… Now, who would have thought that the power of a GPU could be so great that, utilized with a bit of out-of-the-box thinking, it could help a tool like hashcat become the world’s fastest cracking tool? It is true that, using only the GPU, hashcat does such fast calculations that anything can be cracked in seconds, even with long wordlists like rockyou.txt.

On the other hand, our friendly neighbourhood John is also a powerful tool of its era, and with the correct support John can beat hashcat easily. How? This is because John’s logic is built in such a way that, when trying and brute-forcing various passwords, it uses the memory and whatever CPU processing power it can.

In short, John was built to work with the CPU for cracking passwords, whereas hashcat (in its early releases) was a tool that worked only with graphics processing power; the developers have since made it work with the CPU as well, but at the cost of reduced efficiency. You see, here JTR wins… on the grounds of CPU. But hashcat is also a winner when it comes to cracking passwords with a GPU.

To summarize: if you don’t have a powerful GPU, you should go with JTR. But if you can afford a powerful GPU, hashcat is your clear winner. Choose your tool depending on what processor and how many cores you have. In my opinion, both tools are equally important, because no matter what, you will always find yourself in situations, even on the grounds where hashcat will be the winner on CPU (not JTR, because it doesn’t support cracking with GPU).

If you want more articles like this, let me know; I will be happy to share knowledge with you.

Nehh, just a n00b