Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 May 2005 23:09:43 +0400
From: Solar Designer <>
Subject: Re: Fastest Crack of known password length

On Mon, May 23, 2005 at 02:14:39PM -0400, James wrote:
> Kind of hard to reset Root ;)

If you have physical access, it is trivial to reset the password,
unless special measures have been taken to prevent this very attack
(but this is very uncommon).

> As far as big wordlist I've tried that one and
> let it run forever it seems (over a week)

This is impossible.  It takes around 10 minutes to run all.lst with
the default set of rules against a single traditional DES-based hash,
on a single modern CPU with the current development version of John
built in an optimal way for your system.  If you use John 1.6 and/or
build it non-optimally and/or run this on an older system, this may
take hours.  But not days.

You must have been running "incremental".

> and since I am pretty sure the
> password is not word based it was unable to crack it. This is why I was
> thinking of an incremental against a known length of 8.


> One PC was set to incremental the other wasn't.

With the commands you've mentioned, one was running in batch mode
(meaning: "single crack" -> wordlist with rules -> "incremental"), the
other in "incremental" right away.  Both must have been running in
"incremental" after a few minutes.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.