Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 28 Aug 2008 03:43:44 +0400
From: Solar Designer <>
Subject: Re: generating a wordlist with john

I am sorry for not commenting on this earlier.  I was hoping that
someone else would, and in fact I wanted to encourage that...

On Wed, Aug 20, 2008 at 03:23:33PM -0400, Adam Turk wrote:
> I am running into an issue with john 1.7.2 for Linux.  If I use the command:
> john --incremental=All --stdout=1
> I get 96 words
> Shouldn't it be 95?  26 lower + 26 upper + 10 number + 33 specials = 95

96 is correct.  That's one empty password (because the default
definition for "[Incremental:All]" has "MinLen = 0") plus the 95
passwords that you mention.

> If I use:
> john --incremental=All --stdout=2
> I get 9121 words

That's 1 empty password plus 95 passwords mentioned above plus 9025
two-character passwords.

The same applies to your three-character example.

> Am I doing something wrong?

It depends on what you're trying to achieve.

The --stdout option does not specify a minimum length; its parameter
only tells John to truncate passwords at the specified length (and John
is smart enough to not even generate longer passwords most of the time).
If you want to enforce a minimum length, you need to adjust MinLen
(specific to "incremental" mode), use an external filter() (along with
any other cracking mode), or use an external program such as grep.

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.