Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Apr 2013 22:15:52 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: What am I doing wrong?

On Fri, Apr 5, 2013 at 9:55 PM, Sandra Schlichting <littlesandra88@...il.com
> wrote:

> I see. --show was the problem, and now I am also using Jumbo I compiled my
> self =)
>
> Is it possible to have it only search for combinations of a-z, A-Z, and
> '-'  ?
>
Yes, you can use an external mode to do it through "dumb force" (aaa, aab,
aac, aad etc..), do you know how long they will be? The all possible
combinations can be tried in minutes, days, months, years depending on
length. The incremental and markov modes choose strings based on
likelihood/statistics rather than just iterating through every possible
combination in order. If the passwords are going to be over 8 characters,
you will have to re-compile john so that it's incremental mode will work
with more than 8 characters. Markov does not use the .chr files so it
wouldn't be limited or need to be compiled to support longer lengths but it
does have to be trained.
http://openwall.info/wiki/john/markov (patch not needed if using latest
sources)

You can train your markov stats on prefiltered wordlists that only contain
the characters your looking for, and incremental as well.These should be
faster methods than old brute foce aka dumb force. Might also be a good
idea to use pure alpha word's from wordlists, and simply overstrike and or
insert "dashes" in various places. I can help on the dumbforce, incremental
and probably a gew wordlist rules but I've never used markov myself. If you
have more info about these hashes it might help choose which methods to use.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.