|
Message-ID: <CAJ9ii1EnGpCJE8kYP9N5pLbMQ5XSpUFdDq_o1JZGMwiJ0CGVkg@mail.gmail.com> Date: Mon, 20 May 2013 15:31:10 -0400 From: Matt Weir <cweir@...edu> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: Re: How to limit the number of guesses? I probably should also forward this previous thread about using JtR's log output to calculate # of passwords cracked as you could use that as well and cut off the number of guesses after your limit: http://comments.gmane.org/gmane.comp.security.openwall.john.user/5982 Matt On Mon, May 20, 2013 at 3:14 PM, Matt Weir <cweir@...edu> wrote: > This is really hackish, but you can pipe the output of JtR into a script > that monitors the number of guesses made, and then pipe that output back > into JtR. Full disclosure I haven't tried this particular script so there > may be bugs. This is just to get you started: > > ./john -stdout -wordlist=password.lst -rules=single | awk '{i++;if > (i>1000000) { exit 4; } print}' | ./john -session=real -stdin > -format=raw-md5 test_passwords.dmp > > Matt > > > On Mon, May 20, 2013 at 3:01 PM, Rafael Veras <rafaveguim@...il.com>wrote: > >> Basically, I would like to stop the session when a # number of guess is >> reached, where a guess consists in testing a single candidate string, >> regardless of being mangled (using rules); that is, mangled guesses would >> count towards the limit. >> >> In my experiment, I have a custom program generating guesses that are >> piped >> to JtR (--stdin mode). >> >> Let's say I want to know how many hits I get after the first 1,000,000 >> guesses in two conditions: >> >> 1) using my custom guess generator >> 2) using JtR with a default wordlist >> >> Thanks, >> >> >> >> On Mon, May 20, 2013 at 2:42 PM, Stephen John Smoogen <smooge@...il.com >> >wrote: >> >> > On 20 May 2013 12:29, Rafael Veras <rafaveguim@...il.com> wrote: >> > >> > > Is it possible to limit the number of guesses tried by JtR? >> > > >> > > I need to compare the efficiency of two wordlists (# of hits) given a >> > fixed >> > > # of trials. >> > > >> > > >> > Are you applying rules? Too little information about what you are >> meaning >> > by limiting of guesses, etc. >> > >> > Normally if I am testing the efficiency of two wordlists, I just test >> the >> > wordlists against a bunch of hashes. THat makes it one guess per word >> per >> > password hash. If I am testing a bunch of rules I run the rules >> against a >> > single word dictionary and then pull out any compound rules (say >> > Az"[a-z][A-Z]") each as a seperate rule and make each rule a ruleset. >> Then >> > you test each ruleset and dictionary 1:1 >> > >> > >> > >> > >> > > Thanks, >> > > >> > > -- >> > > >> > > *Rafael* >> > > >> > >> > >> > >> > -- >> > Stephen J Smoogen. >> > >> >> >> >> -- >> >> *Rafael* >> *http://vialab.science.uoit.ca/portfolio/rafael/* >> >> >> >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.