|
Message-ID: <20130528210731.GA6261@openwall.com> Date: Wed, 29 May 2013 01:07:31 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: How to limit the number of guesses? On Tue, May 28, 2013 at 10:44:11PM +0200, magnum wrote: > On 28 May, 2013, at 21:59 , Frank Dittrich <frank_dittrich@...mail.com> wrote: > > The first mode in a default run is single mode. > > How does AutoStatus count the number of candidates if this number > > 1. depends on user name and other information that is used to generate > > candidates > > Basically, each word is counted once. If the same word/username is applicable to another user with *same* salt, it will not be hashed nor counted again. If the same word/username is applicable to another user with a *different* salt, it will be used - and counted - again in Single mode. In terms of AutoStatus this is the same situation as a dupe word in a wordlist. It will be counted again. It's trickier than that: candidate passwords to be tested against hashes with a certain salt may come from user-specific info for hashes with that salt (with some non-perfect dupe suppression), or they may come from successful guesses for any salt. The JtR builtin candidates counter used for the reported p/s rate in the upcoming JtR 1.8 release uses a certain tricky algorithm to count single crack mode's candidate passwords in a certain reasonable fashion (although there's no one right way to count them). AutoStatus does not implement anything like that. I certainly never intended the Auto* modes to be used with single crack mode, and I recommend that they not be used with single crack mode. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.