Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Aug 2016 13:32:38 -0500
From: Skip Montanaro <skip.montanaro@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: How long should I let JtR munch?

On Wed, Aug 10, 2016 at 12:57 PM, Frank Dittrich <frank.dittrich@...lbox.org
> wrote:

> did you verify that john is able to crack those hashes when you provide
> a word list with the correct passwords?
>

I believe so, but perhaps not in the way you think. I originally generated
a stupid password file where the plain text passwords were in the user
field (making sure that the passwords didn't contain colons). I cracked
them immediately. In the current run, I made the user field "user1",
"user2", and so forth.

So, I do think it am doing the right thing. Still, this is the sort of
thing which worried me as a novice JtR user, making sure my input was
correctly formatted.

If anybody would like to verify that my fake password files are properly
formatted, I'd be happy to generate a few passwords with the plain text
password in the GECOS field.

Thanks for the reference to the doc/MARKOV file. There are many details to
absorb as a new user. I must admit that I was hoping to approach JtR as a
black box with which I could test the general strength of my passwords, and
not wade too deep into various implementation details.

Skip

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.