Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20121114042400.GA3237@openwall.com>
Date: Wed, 14 Nov 2012 08:24:00 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

On Tue, Nov 13, 2012 at 09:54:28AM -0500, Rich Rumble wrote:
> Incremental mode does not repeat, or it tries very hard not to,

Incremental mode produces no repeating candidate passwords at all.
However, if you run different .chr files with overlapping characters
between them, then there will be overlapping candidate passwords across
the 2+ runs.

> other modes however are more prone to repeating and unique isn't going to
> keep that from happening.

I think Richard was going to use "unique" on the generated candidate
passwords, not on the input wordlists.  doc/EXAMPLES includes this:

	john --wordlist=all.lst --rules --stdout | unique mangled.lst
	john --wordlist=mangled.lst mypasswd

> Certain wordlist rules will produce the same
> candidates even if the words are all unique. This isn't that big a
> deal, when doing an audit I know I produce the same candidates, but I
> also produce enough different one's that it's worth it. If you run JtR
> simultaneously on two different computers, and there are repeats I
> find it's not wasting as much time.

Right.  I guess you're mostly attacking fast hashes, though, which is
why you don't care about the time wasted on some duplicates. :-)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.