Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <AANLkTimvGYn1TdsywFVg=2OyHTrwO1Hw+MX+r=dQNnLo@mail.gmail.com>
Date: Mon, 6 Dec 2010 22:31:02 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: pwgen

When generating a chr file, is it best to use a pot as large as possible, or
should it be tailored to the task at hand... Meaning I'm trying to crack the
output.txt I created from Brads list of pwgen passes, but without using the
passwords that are found in the output.txt file. I'm wondering if the windows
version might offer more entropy than it's CLI cousin?

The windows version of pwgen has an entropy that is variable based on mouse
clicks and typing on the GUI. I've generated a few lists, hashed and then
cracked them all into a john.pot file. Then generated the chr files. These
lists did not use Brad's list these were all unique passes I used pwgen to
generate.
I then used -i=pwgen (my custom mode in my conf) and
running for 6hrs so far no cracks on the output.txt file. (new john.pot as
well). If I generate chr files off of output.txt, I crack lots very quickly
with it tapering off as would be expected. I'm linking the passwords and hash
file for others to test against. I'm not sure if the windows version differs
much from the *nix version. So far I see no CLI commands unless I run the *nix
version in cygwin perhaps. Just thought I'd mention there could be a
difference. I am also generating passwords using all 95 characters.

You can find the list of passwords generated here: (10k passwords)
http://xinn.org/pwgen-jtr/pt-input.zip

And the hashed file here.
http://xinn.org/pwgen-jtr/lm_ntlm.zip

-------
[Incremental:pwgen]
File = $JOHN/pwgen-all.chr
MinLen = 8
MaxLen = 8
CharCount = 95
-------
(enthropy bits = 1759/256) <-- according to GUI at time of generation
http://pwgen-win.sourceforge.net/manual.pdf
-------
john.exe lm_ntlm.txt -format=NT -w=pt-input.txt
...
10000 password hashes cracked, 0 left

C:\john-1.7.6-9>john.exe --make-charset=pwgen-all.chr
Loaded 10000 plaintexts
Generating charsets... 1 2 3 4 5 6 7 8 DONE
Generating cracking order... DONE
Successfully written charset file: pwgen-all.chr (95 characters)

C:\john-1.7.6-9>john.exe output.txt -format=NT -i=pwgen -session=pwg
... 6hrs (waiting:) again no output.txt passwords were used in the
generation of the chr file.
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.