Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <1231644328.3331.52.camel@firefly>
Date: Sat, 10 Jan 2009 21:25:27 -0600
From: Steve Bergman <sbergman27@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Clarification desired on modifying incremental
 mode to handle 9 chars

Thank you very much for those clarifications. (And also for your
response to my previous query.) Yes, my plan was to use any new .chr
file only for the core running length 9 checks.

The exercise I have set for myself is this:

I have a single md5 hash (obviously, with a single salt) in a shadow
file on an old machine I don't use anymore. I set this password myself,
and haven't the foggiest idea what I set it to so long ago. (Yes, I
could just edit the passwd file if I really cared. But this is for
educational amusement and as a vehicle for learning more about john. I
like having a concrete application.)

On my Q6600, what I have done is followed your recommendations from
various threads and assigned length 8 to one core, length 7 to another,
length 6 to another, and 0-5 to the remaining core.  (BTW, looking over
the progress in the logs, I'm pretty satisfied as to that distribution
of work.) This is using the default 95 char range, since I think this
might be a reasonably good password. In 15 hours, if I am reading the
logs correctly, it has polished off all the length 1, 2, 3, and 4
checks, as each of those has gotten to "character count 95".  (Length 5
is at 58, length 6 is at 31, 7 at 19, 8 at 13.)

Indeed, the 8 character search space is already mind-boggling. And 9
would be 95 times that. I'm hoping that john's "work smarter, not
harder" strategy might come though. If it doesn't, that's OK, too. It is
nagging me that I may very well have set a nine character password.  And
I don't think I would have set one to less that 6 chars. So at some
point, I may move the 0-5 length session to a slower machine and try out
9 length for a while on the freed up Q6600 core. But I understand what
you are saying about it being suboptimal use of the core.  The mind does
not deal with scale well, and "95 * unthinkably_huge" doesn't seem that
much larger than just "unthinkably huge". But human psychology keeps
saying "try it, anyway". ;-)

My best guess, however, is that the password might be exactly 8
characters, with a single numeral or special character, possibly at the
end, as I think I was tending to do that back then. 

I'll have a look at that wiki link.

-Steve



-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.