Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100901215336.GA4571@openwall.com>
Date: Thu, 2 Sep 2010 01:53:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Noob question: how to feed 10 alphanum char min&max incremental to aircrack when "MaxLen = 10 exceeds the compile-time limit of 8"

On Wed, Sep 01, 2010 at 07:28:22AM +0000, Mr Ex wrote:
> john --stdout --incremental:alnum | aircrack-ng (etc etc...)
[...]
> But for what I want to do, feeding, nothing to do with hashes, 10-only and 
> alphanum only seems reasonable..?

No, it does not seem reasonable.  aircrack-ng will only be able to test
a relatively small number of candidate passwords per second, so you'd
only search a very small fraction of the "10-only and alphanum" keyspace
during your lifetime.  Incremental mode's smart ordering of candidate
passwords is of some help to improve your chances of a successful crack,
though - from "negligible" to "almost negligible".

(For fast-to-compute password hashes - e.g., Windows passwords - this
would be very different.)

If you must, this old posting referenced by Rich has the complete set of
params.h settings for you to use:

http://www.openwall.com/lists/john-users/2007/07/04/6

The very first set of settings ("for lengths up to 10") will be it.
Then you put something hopefully-relevant into your john.pot (see one
example with all.gz in the above posting) and generate a new .chr file:

john --make-charset=alnum10.chr --external=filter_alnum

Finally, you add an incremental mode section that will use alnum10.chr.

However, for attacking "something slow" and for a likely relatively long
password, you should really focus on using wordlists instead.  If the
target password is not crackable with wordlists with rules, if it is 10
characters long, and if candidate passwords are slow to test - that is,
if all three of these are true at once - then you're out of luck
cracking the password.  You may improve your chances somewhat by
questioning your assumptions - are you 100% sure that the password is 10
characters long, or are you maybe only 99% sure?  In the latter case,
you have an up to 1% chance of cracking the password by trying shorter
lengths instead - and 1% is pretty good compared to what you'd achieve
if you approach the task like you had proposed.

I hope this response helps, and I hope you do not find it discouraging.
I did not mean it as such. :-)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.