Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 11 Mar 2006 04:00:08 +0000
From: "hadzijj qwerty" <hadzijj@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: does john crack xp passwords correctly?

Thank you for very descriptive answer.
>
>It's seven unknown (not yet cracked) characters followed by the part of
>the password that's been cracked (the "M" might be upper- or lower-case,
>though - John does not check that).  At this point, it is known that the
>password is exactly 10 characters long - and only the first 7 characters
>remain to be cracked.

I'm not sure this is explained in the documentation. Is it somewhere?

>
>If it's the only password hash you're cracking, you can get some speedup
>by restricting your "incremental" mode definition to just 7 character
>long passwords (normally, it would try all lengths from 0 to 7 for LM
>hashes).  In john.conf (or john.ini on Windows), edit this section:
>
>[Incremental:LanMan]
>File = $JOHN/lanman.chr
>MinLen = 0
>MaxLen = 7
>CharCount = 69
>
>to read:
>
>[Incremental:LanMan]
>File = $JOHN/lanman.chr
>MinLen = 7
>MaxLen = 7
>CharCount = 69

Thanks for that suggestion. I have 4 passwords in my passwords file.
But the strange thing is that john writes:

Loaded 7 passwords with no different salts (NT LM DES [48/64 4K])

AFAIK administrator password is is treated like 1 password, whilst every 
other password
is treated like 2 passwords. Why?

>
>then interrupt and continue the session (with "john --restore", or
>"john-mmx --restore" if you're on Windows).
>
>However, if you're cracking other password hashes at the same time (not
>only Administrator's), then _don't_ follow the above suggestion as there
>may remain password halves shorter than 7 characters that are yet to be
>cracked.

That's understood.

>
>Provided that you use the current version of John (1.7 or newer) and you
>run the MMX build of it, you should get your full Administrator password
>cracked reasonably soon (two weeks worst case for a modern CPU, but
>chances are that you'd get it cracked _much_ quicker - within hours).

I have a version 1.6.39 under debian unstable. Is version 1.7 much faster?

Thanks,
Hadzij

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ