Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CADkMHCnSuoD8jUaKhAWVRNE6fTJ_BxV0KDnDDWayvGw-CcX7zQ@mail.gmail.com>
Date: Fri, 30 Dec 2011 10:57:24 -0700
From: RB <aoz.syn@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: New User - Some JtR questions.

On Fri, Dec 30, 2011 at 09:53, APseudoUtopia <apseudoutopia@...il.com> wrote:
> I have a Win7 system that uses NTLM hashes. I also have a FreeBSD
> system, which uses blowfish for root and md5 for my user account. I
> was wondering which would be fastest/easiest to crack in incremental
> mode? Yes, I do know that it probably will take an extremely long time
> (months?) to crack a long password, but I'm just curious to run it for
> a couple days and see what happens.

If you can extract the LM hashes, you'll go extremely fast, and
depending on the processor[s] you have available could probably
complete in "a couple" of days.  Beyond that, MD5 is faster than
blowfish, by a significant measure.

> I have already tried all three hashes (NTLM, Blowfish, and MD5) using
> both single and wordlist modes (using the "all" wordlist). I was
> wondering if it would be worth it to search a larger wordlist out on
> the internet and try that?

Sometimes.  There are multiple historical discussions on this list
about what constitutes a good word list and whether some are any
better.

> What can I do to give john "hints" to speed up the process? For
> example, I know the passwords I use are all lower-case letters, with a
> couple numbers appended to the end. Is there a trick to setting the
> wordlist rules to do this? Or even in incremental mode?

Assuming they're not single dictionary words, see the 'Alnum'
incremental modes.  You could also write a filter, but depending on
your experience level just using the less-efficient (but preexisting)
mode will probably be the most expedient approach.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.