Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20200614165157.GB27578@openwall.com>
Date: Sun, 14 Jun 2020 18:51:57 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Best cracking method to use?

On Sun, Jun 14, 2020 at 10:46:45AM -0400, Powen Cheng wrote:
> I will try PRINCE mode as suggested on another machine that I recently
> built with better GUPs. As I am not familiar with this mode. Is there more
> documentation that would better explain this mode.

Please refer to doc/PRINCE.

> Also, in the past I have always used the increment mode and I have a
> machine that ran for 8 months and it still has not found the password that
> I am hoping to find. I did find the other known test passwords that I set
> in place to see if the JOHN was working throughout the process. Maybe
> simply my temporary password that I used was simply too long, like 15-18
> chars.
> 
> Now I am thinking about there has to be a better way to do this than trying
> to brute force a long password. I do remember some bits of the password but
> I want to see if I can use increment mode or some other mode and combine
> wordlist and know chars to improve the search.

Of course, you should use whatever knowledge about the password you have.

PRINCE isn't necessarily the most suitable choice - it's just the
easiest to use for the kind of information you provided.  If you provide
even more information - e.g., not just one list of password components,
but some constraints on what can be in which part of the password - then
my advice could be different and likely more complicated.

I suggest you do give PRINCE a try, and only spend more of your time on
more complicated configuration if PRINCE doesn't succeed quickly.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.