'Re: [john-users] DumbForce external mode vs. incremental mode (was:'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       john-users
Subject:    Re: [john-users] DumbForce external mode vs. incremental mode (was:
From:       websiteaccess <websiteaccess () gmail ! com>
Date:       2009-07-31 19:08:27
Message-ID: 20090731210827908951.ab89392c () gmail ! com
[Download RAW message or body]

On Fri, 31 Jul 2009 22:42:37 +0400, Solar Designer wrote:
> On Fri, Jul 31, 2009 at 08:24:25PM +0200, websiteaccess wrote:
>> Macintosh:run xxxxxx$ ./john -e=DumbForce-alpha-fr test.txt
>> Loaded 1 password hash (FreeBSD MD5 [32/64 X2])
>> guesses: 0  time: 0:00:00:02  c/s: 8611  trying: sdc - sdd
>> guesses: 0  time: 0:00:00:03  c/s: 8618  trying: èué - èuè
>> guesses: 0  time: 0:00:00:04  c/s: 8631  trying: ahjé - ahjè
> 
> This looks fine to me.
> 
>>  How JTR can crack a password "aselé" when trying only 4 letters ?????  
>> :-/
> 
> It will get to trying 5-letter passwords when it is done with 4-letter
> ones.  Ditto for even longer passwords.
> 
> You can't expect a DumbForce mode to be as smart about things such as
> length switching as incremental mode is.  The reason why I suggested it
> was that you did not seem to care about the order in which your
> candidate passwords would be tried.  I indirectly inferred this from the
> way you were placing your characters into a fake john.pot file for
> generating a custom charset.  With that attitude, DumbForce appeared to
> be a simpler way to achieve a similar effect.  You've since expressed a
> related concern, but referring to not breaking pre-defined incremental
> modes for other uses only.  You also did not mention that you'd be
> attacking a relatively slow hash this time (you were dealing with raw
> MD5 hashes before, which were roughly 1000 times faster).
> 
> If you do care about the order in which your candidate passwords are
> tried, and now you appear to, then you need to go for a modified build
> of JtR as we've discussed before, invest more time into preparing a more
> optimal fake john.pot (tricky), then generate a custom .chr file and use
> that.  You'd only use this build of JtR when you need your custom
> charset.
> 

 It''s ok now, but, I really name that brute force ! start with "a" to 
"zzzzzzzz"

 One more thing, I have changed value from 8 to 10 of
	maxlength = 10;	// Must be at least same as minlength

 Is JTR now able to crack 10 length passwords ?

 thanks for your help.

 W.A.

-- 
To unsubscribe, e-mail john-users-unsubscribe@lists.openwall.com and reply
to the automated confirmation request that will be sent to you.


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic