Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20161111183001.GA8239@openwall.com>
Date: Fri, 11 Nov 2016 19:30:01 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: alter default rules or filter, best way to focus on proper candidates?

On Fri, Nov 11, 2016 at 11:34:38AM +0100, Patrick Proniewski wrote:
> On 09 nov. 2016, at 23:36, Solar Designer wrote:
> > As you can see, the total running time may also drop, so filters may
> > nevertheless be beneficial if you're sure none of those extra candidates
> > would result in a successful guess, but you can rarely be sure.
> 
> the performance gain or loss is very hard to guess before hand, as it depends on the match between used rules and real passwords in the dump?

Yes, but I primarily meant that you can rarely be sure that the candidate
passwords you'd be filtering out would not crack anything at all.  This
question arises when performing security audits, rather than when doing
hobbyist cracking of public dumps as you seem to.

> thanks. Would it be interesting to use "i != 10" inside Filter_LowerNum

I guess you mean inside the modified Policy mode.

> instead of '--max-length=10' at command line?

Yes, you can try doing it either way, but I expect the builtin
"--max-length=10" feature to be faster than the external mode's check.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.