Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 11 Nov 2016 20:15:19 +0100
From: Patrick Proniewski <>
Subject: Re: alter default rules or filter, best way to focus on proper candidates?

On 11 nov. 2016, at 19:30, Solar Designer wrote:

>> the performance gain or loss is very hard to guess before hand, as it depends on the match between used rules and real passwords in the dump?
> Yes, but I primarily meant that you can rarely be sure that the candidate
> passwords you'd be filtering out would not crack anything at all.  This
> question arises when performing security audits, rather than when doing
> hobbyist cracking of public dumps as you seem to.

I'm doing both, but the hobbyist part accounts for 99.9% of my time with JtR. While auditing passwords at work, I use what I've learned during this hobby but in a very focused way as I've already a good knowledge of what my users are doing.

>> thanks. Would it be interesting to use "i != 10" inside Filter_LowerNum
> I guess you mean inside the modified Policy mode.

yes, that would be replacing "--external=Filter_LowerNum --max-length=10" with a custom Policy mode

>> instead of '--max-length=10' at command line?
> Yes, you can try doing it either way, but I expect the builtin
> "--max-length=10" feature to be faster than the external mode's check.

ok, thanks.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.