Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120605165830.GB19221@openwall.com>
Date: Tue, 5 Jun 2012 20:58:30 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: incremental question

On Wed, May 30, 2012 at 09:21:19AM +0200, pierzi wrote:
> 0:02:48:42 - Expanding tables for length 8 to character count 22
[...]
> So as far as I understand this means that incremental mode doesn't use
> entire character count for desired mode at start (36 for alnum in my case),
> it' simply expanding it one by one?

Yes, kind of.  The number reported refers to different character
indices, though, which is not exactly the same as different characters.
This is difficult to grasp, but luckily you probably don't need to.

> Now i know that this is method is probably based on some statistics and
> it's probably good for non-random generated passwords. But using it with
> random-generated passwords like:
> 9amxpgdr
> e9naioai
> fn0sceur
> j0nkae0n
> kuuhr9fw
> m0d9npwc
> qwrn9ssm
> tbpo9gtx
> vnnxjnen
> xaf0fkpj

These passwords might not be as random as they look.  You could want to
generate a custom .chr file from them and see if this speeds up further
cracking - it might.

> john needs expand character count to 36 to crack all of them

Most likely, yes.

> (or course if a=1 and 0=36)

It's a lot trickier than that.

> ...Now wouldn't be faster to start incremental mode with
> char. count=36 at start?

Theoretically, yes, but that overhead is negligible.

> Is it even possible to do it?

With incremental mode, no.  What you're looking for is a dumb exhaustive
search mode.  You could try the external DumbForce mode, but I recommend
that you simply continue with incremental.  You really shouldn't care
about saving a few seconds in a John run that will take days.  Other
things will have far greater effect on success rate and total run time.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.