Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 May 2005 14:14:39 -0400
From: "James" <>
To: <>
Subject: RE: Fastest Crack of known password length

Kind of hard to reset Root ;) As far as big wordlist I've tried that one and
let it run forever it seems (over a week) and since I am pretty sure the
password is not word based it was unable to crack it. This is why I was
thinking of an incremental against a known length of 8.

One PC was set to incremental the other wasn't. Wasn't sure which would get
there first. As far as running it against a single user hash all the users
(well all but a few) have the same hash including root. I figured by setting
it to work just that one hash again it would run a bit faster.

This is somewhat a test to compare various attacks against passwords.
Knowing a Windows sam file takes just minutes to crack 90% of the time
because of weak passwords I wanted to see what John could do against a
harder Linux password file so I got one where I don't know the password so I
can't cheat by being creative in a wordlist.


-----Original Message-----
From: Solar Designer [] 
Sent: Monday, May 23, 2005 12:12 PM
Subject: Re: [john-users] Fastest Crack of known password length


On Tue, May 17, 2005 at 08:51:36AM -0400, James wrote:
> What is the fastest method of cracking a password of known length 
> where the password is:
> 1. Linux Shadow file
> 2. DES
> 3. Mostly likely is not word based and includes at least 1 standard 
> keyboard character.
> 4. Of a known length or at least do a progressice crack where I try 8, 
> that fails then I'll try 9, etc.

You need to realize that the traditional crypt(3) DES-based hashes truncate
passwords longer than 8 characters.  So even if you think that your password
is longer, it really is not.

It should be quick enough to run through a wordlist with mangling rules for
just a single traditional DES-based hash, so you do not need to apply any
length restrictions there.  Just pick a large enough wordlist (such as the
"all.gz" available off and do:

	./john -w=all.lst -rules pwfile

Then proceed with "incremental" mode.  You specify the known length by
setting the MinLen and MaxLen parameters to it.  That's done in a section
such as "[Incremental:All]", which you may copy under a different name and
customize.  Then pass the new name from the command line, such as:

	./john -i=custom pwfile

Where the custom section is:

File = $JOHN/all.chr
MinLen = 8
MaxLen = 8
CharCount = 95

(the "$JOHN/..." syntax is for a 1.6.x development version).

> I'm running
> john -users:***** -format:DES pwl

That's fine.  Please be sure to use a recent development version and build
it with support for MMX or AltiVec (if you're on x86 or PPC) for a
significant speedup.

You shouldn't have to specify the "format" explicitly, although your doing
so doesn't hurt.

> Right now on one PC and
> john -users:***** -format:DES -i:ALL pwl
> On another.

This doesn't make sense.  You have both PCs do the same thing.

> I've edited the ini to sent all min. lengths to 8 but does that do 
> what I think?

Yes, perhaps (depending on what you think it does, of course).

Why are you running John against a single password hash, though?
Maybe it'd be simpler to reset the password?

Alexander Peslyak <solar at> GPG key ID: B35D3598  fp: 6429
0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 -
bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.