Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAJ9ii1EnGpCJE8kYP9N5pLbMQ5XSpUFdDq_o1JZGMwiJ0CGVkg@mail.gmail.com>
Date: Mon, 20 May 2013 15:31:10 -0400
From: Matt Weir <cweir@...edu>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: How to limit the number of guesses?

I probably should also forward this previous thread about using JtR's log
output to calculate # of passwords cracked as you could use that as well
and cut off the number of guesses after your limit:

http://comments.gmane.org/gmane.comp.security.openwall.john.user/5982

Matt


On Mon, May 20, 2013 at 3:14 PM, Matt Weir <cweir@...edu> wrote:

> This is really hackish, but you can pipe the output of JtR into a script
> that monitors the number of guesses made, and then pipe that output back
> into JtR. Full disclosure I haven't tried this particular script so there
> may be bugs. This is just to get you started:
>
> ./john -stdout -wordlist=password.lst -rules=single | awk '{i++;if
> (i>1000000) { exit 4; } print}' | ./john -session=real -stdin
> -format=raw-md5 test_passwords.dmp
>
> Matt
>
>
> On Mon, May 20, 2013 at 3:01 PM, Rafael Veras <rafaveguim@...il.com>wrote:
>
>> Basically, I would like to stop the session when a # number of guess is
>> reached, where a guess consists in testing a single candidate string,
>> regardless of being mangled (using rules); that is, mangled guesses would
>> count towards the limit.
>>
>> In my experiment, I have a custom program generating guesses that are
>> piped
>> to JtR (--stdin mode).
>>
>> Let's say I want to know how many hits I get after the first 1,000,000
>> guesses in two conditions:
>>
>> 1) using my custom guess generator
>> 2) using JtR with a default wordlist
>>
>> Thanks,
>>
>>
>>
>> On Mon, May 20, 2013 at 2:42 PM, Stephen John Smoogen <smooge@...il.com
>> >wrote:
>>
>> > On 20 May 2013 12:29, Rafael Veras <rafaveguim@...il.com> wrote:
>> >
>> > > Is it possible to limit the number of guesses tried by JtR?
>> > >
>> > > I need to compare the efficiency of two wordlists (# of hits) given a
>> > fixed
>> > > # of trials.
>> > >
>> > >
>> > Are you applying rules? Too little information about what you are
>> meaning
>> > by limiting of guesses, etc.
>> >
>> > Normally if I am testing the efficiency of two wordlists, I just test
>> the
>> > wordlists against a bunch of hashes. THat makes it one guess per word
>> per
>> >  password hash. If I am testing a bunch of rules I run the rules
>> against a
>> > single word dictionary and then pull out any compound rules (say
>> > Az"[a-z][A-Z]") each as a seperate rule and make each rule a ruleset.
>> Then
>> > you test each ruleset and dictionary 1:1
>> >
>> >
>> >
>> >
>> > > Thanks,
>> > >
>> > > --
>> > >
>> > > *Rafael*
>> > >
>> >
>> >
>> >
>> > --
>> > Stephen J Smoogen.
>> >
>>
>>
>>
>> --
>>
>> *Rafael*
>> *http://vialab.science.uoit.ca/portfolio/rafael/*
>>
>>
>>
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.