Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <43E0DDFB.5000503@banquise.net>
Date: Wed, 01 Feb 2006 17:12:43 +0100
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re:  Re: roadmap

Solar Designer wrote:
> Also, I've been considering adding a "dumb" mode which would search a
> keyspace sequentially (this is what some other password cracker programs
> call "brute force").  The rationale would be to get slightly higher c/s
> rates for really fast hashes (such as LM hashes) in those rare cases
> when a keyspace is actually meant to be searched exhaustively and it is
> somehow not desirable to get some passwords cracked early on.  It would
> also permit for fair c/s rate comparisons against "competing" crackers.
> And it would satisfy the demand for trying passwords consisting of
> particular character sets that do not match the provided .chr files,
> without having to generate custom .chr files out of fake john.pot's
> (even though most of the time such requests are misguided).

I do not believe this would be useful except from a "marketing" point of
view. John's incremental mode will almost always get you passwords earlier.

"Dumb" mode should only be used when you know you're gonna search a full
keyspace (or you'll never have passwords beginning by "z"). It will most
of the time be a bad idea to try all 8 characters chars on a single host
(years of calculations depending on the number of salts), and you'll
want to distribute the work.

It might be nice if it is possible to prepend a user defined string,
making it possible to manually distribute the load. (and it is sometimes
possible to infer the first bytes of a password from other sources,
having this option would be better than the current "perl script | john
-stdin" I use)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.