|
Message-ID: <20200525183723.GA12594@openwall.com> Date: Mon, 25 May 2020 20:37:23 +0200 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: questions regarding incremental mode On Mon, May 25, 2020 at 02:42:39PM +0200, Johny Krekan wrote: > Hello I would like to ask what parameters to use in John to generate > passwords for attack which resemble words. > I want the number of generated passwords is for example 5% of total > passwords combinations for example 26^6*0.05. Like you say below, you can achieve this by interrupting incremental mode when it reaches 5% of progress. > This method is used by following products: > http://lastbit.com/psw2.asp > also > http://lastbit.com/msohelp/prm.htm > https://support.passware.com/hc/en-us/articles/115002145927-What-Password-Recovery-Attacks-can-I-use-#Xieve All of these look like worsened alternatives to incremental mode, requiring the user to decide on how much to search in advance. JtR's Markov mode also has this drawback, compared to incremental mode. While you actually ask for just that, I don't recommend it. > My goal is that I want to try something like incremental attack but I > want to specify other parameters to > prevent this attack from testing all 26^6. > Because standard incremental when I select for example minlen and > maxlen=5 it will test all 26^5, but I want > to test only fragment of this and then automaticaly terminate it. > Which parameter should I use? Normally, you'd just manually terminate the session when it reaches 5%. I guess you'd want it to terminate automatically only in some special cases, such as if you run JtR from a script and intend to start another attack right after this one terminates, or if you're running simulations for research purposes. In other cases, there's hardly a good reason to terminate the session at 5% when you're not around to make any other use of the computer and could as well let it run slightly further. So to automatically terminate the session you can use "--max-candidates" or "--max-run-time". Unfortunately, there's no way to specify a percentage, but you can use a calculator like "bc" to calculate the full keyspace and then take your desired percentage from it, e.g.: $ echo 26^6*0.05 | bc 15445788.80 and then you specify "--max-candidates=15445789". This also lets you "--restore" a session like this and have it search another 5% - something I guess those other tools/methods you referenced would be incapable of. Another approach would be reduced CharCount in the corresponding john.conf section. This isn't literally the number of different characters, but is the number of different character indices, where the actual characters vary by length, position, and 2 preceding characters. So if you set "CharCount = 25" in a revision of "[Incremental:Lower]", you'll almost certainly have all 26 characters tested somewhere in the passwords anyway, but will have the least likely combinations skipped. To limit a length 6 run to roughly 5% of the full keyspace, you'd set "CharCount = 16", as seen with: $ echo 'scale=5; 16^6/26^6' | bc .05431 This is generally worse than early termination of an otherwise unrestricted incremental mode run, in two ways: (1) it'd skip some combinations that JtR finds reasonably likely to test within the first 5% of running time (e.g., indices 0 for all but one character, yet index 16 for the remaining character) and (2) you won't be able to change your mind and continue cracking without incurring duplicate work. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.