[prev in list] [next in list] [prev in thread] [next in thread]
List: john-users
Subject: Re: [john-users] DumbForce external mode vs. incremental mode (was:
From: websiteaccess <websiteaccess () gmail ! com>
Date: 2009-07-31 19:08:27
Message-ID: 20090731210827908951.ab89392c () gmail ! com
[Download RAW message or body]
On Fri, 31 Jul 2009 22:42:37 +0400, Solar Designer wrote:
> On Fri, Jul 31, 2009 at 08:24:25PM +0200, websiteaccess wrote:
>> Macintosh:run xxxxxx$ ./john -e=DumbForce-alpha-fr test.txt
>> Loaded 1 password hash (FreeBSD MD5 [32/64 X2])
>> guesses: 0 time: 0:00:00:02 c/s: 8611 trying: sdc - sdd
>> guesses: 0 time: 0:00:00:03 c/s: 8618 trying: èué - èuè
>> guesses: 0 time: 0:00:00:04 c/s: 8631 trying: ahjé - ahjè
>
> This looks fine to me.
>
>> How JTR can crack a password "aselé" when trying only 4 letters ?????
>> :-/
>
> It will get to trying 5-letter passwords when it is done with 4-letter
> ones. Ditto for even longer passwords.
>
> You can't expect a DumbForce mode to be as smart about things such as
> length switching as incremental mode is. The reason why I suggested it
> was that you did not seem to care about the order in which your
> candidate passwords would be tried. I indirectly inferred this from the
> way you were placing your characters into a fake john.pot file for
> generating a custom charset. With that attitude, DumbForce appeared to
> be a simpler way to achieve a similar effect. You've since expressed a
> related concern, but referring to not breaking pre-defined incremental
> modes for other uses only. You also did not mention that you'd be
> attacking a relatively slow hash this time (you were dealing with raw
> MD5 hashes before, which were roughly 1000 times faster).
>
> If you do care about the order in which your candidate passwords are
> tried, and now you appear to, then you need to go for a modified build
> of JtR as we've discussed before, invest more time into preparing a more
> optimal fake john.pot (tricky), then generate a custom .chr file and use
> that. You'd only use this build of JtR when you need your custom
> charset.
>
It''s ok now, but, I really name that brute force ! start with "a" to
"zzzzzzzz"
One more thing, I have changed value from 8 to 10 of
maxlength = 10; // Must be at least same as minlength
Is JTR now able to crack 10 length passwords ?
thanks for your help.
W.A.
--
To unsubscribe, e-mail john-users-unsubscribe@lists.openwall.com and reply
to the automated confirmation request that will be sent to you.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic