Date: Tue, 3 Jul 2007 17:17:09 +0100
From: "Tom Earp" <sysadmin@...p.abelalways.co.uk>
To: <john-users@...ts.openwall.com>
Subject: Re: Incremental mode limited to 8 character words?

yeah i've read good things about the way jtr's incremental mode operates, 
hence why i wanted to make use of it. also jtr is free

i've seen that post about the 16 digit generation....but it doesn't really 
help. modifying the source for that application reduces the character set 
from the full set of printable characters to just numbers, so increasing the 
output length keeps it within the "64 bit limit" as described in the source

from the source.......... (params.h)

/*
 * Charset parameters.
 * Be careful if you change these, ((SIZE ** LENGTH) * SCALE) should fit
 * into 64 bits.  You can reduce the SCALE if required.
 */
#define CHARSET_MIN			' '
#define CHARSET_MAX			0x7E
#define CHARSET_SIZE			(CHARSET_MAX - CHARSET_MIN + 1)
#define CHARSET_LENGTH			8
#define CHARSET_SCALE			0x100


if i change charset_length to 16 and change nothing else, it compiles, but 
then when i try to create a new .chr file i get the error "pow64of32() 
overflow"
i have tried adjusting the charset_scale value to something lower, but it 
had no effect and i still got the overflow error

i do not understand what the comment means when it says the value determined 
from ((size*length)*scale) should "fit into 64 bits"??? obviously there's 
some sort of calculation going on somewhere, but i don't know a great deal 
about C so this is all going over my head somewhat

if i implement an external mode in jtr, will it generate the words in a 
simple brute-force way, or will it still do the business of creating better 
combinations like it does with the incremental mode?




----- Original Message ----- 
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: <john-users@...ts.openwall.com>
Sent: Tuesday, July 03, 2007 2:08 PM
Subject: Re: [john-users] Incremental mode limited to 8 character words?


> websiteaccess wrote:
>>On Mon, 2 Jul 2007 16:22:31 +0100, Tom Earp wrote:
>> > I have attempted this with no success...there is a comment in the
>> > params.h file:
>> > "be careful if you change these, ((SIZE ** LENGTH) * SCALE) should
>> > fit into 64 bits. you can reduce SCALE if required"
>> >
>> > what does that actually mean? i would like to be able to generate
>> > words between 8 and 30 characters in length
>> >
>> > any help would be much appreciated
>
> There are threads in the mailing list archive, e.g.
> http://thread.gmane.org/gmane.comp.security.openwall.john.user/1158/
> But it will get increasingly difficult to crack a password using
> incremental mode and a length > 8.
>
>>  JTR is great but has some limitations (for example length limit).
>>
>>  Try "PasswordsPro" it's another great password cracker with no length
>>limitation and a nice and useful GUI !
>
> JtR has a very useful incremental mode which generates password
> candidates in a sequence that more likely passwords will be
> cracked first.
>
> IMO, you can't compare PasswordPro's incremental mode with
> this strategy:
> http://www.insidepro.com/doc/003e.shtml
>
> That will take a long time to go until you reach the limit of
> length 32, but I doubt that
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> ...
> is a useful sequence to try, even if it *might* have advantages
> when compared to.
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB
> AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC
> ...
> Did you really crack a password longer than 8 characters using
> PasswordPro's incremental mode?
>
> But if you insist, you can easily implement an external mode
> for JtR which does this for you.
>
> Frank
>
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
> 
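Added example (not part of the original message, and not John the Ripper's own code): a C program that carries out the arithmetic the params.h comment refers to, checking whether (SIZE ** LENGTH) * SCALE fits in an unsigned 64-bit integer. The function names are hypothetical; the parameters are the ones quoted in the message plus a constructed 10-character digits-only set.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: returns 1 and stores (size ** length) * scale in *out
 * if the value fits in 64 bits; returns 0 as soon as a multiply would overflow. */
static int charset_space_fits(uint64_t size, unsigned length, uint64_t scale,
                              uint64_t *out)
{
    uint64_t v = 1;
    unsigned i;

    if (size == 0 || scale == 0) { *out = 0; return 1; }
    for (i = 0; i < length; i++) {
        if (v > UINT64_MAX / size)   /* v * size would exceed 2^64 - 1 */
            return 0;
        v *= size;
    }
    if (v > UINT64_MAX / scale)      /* final multiply by SCALE would overflow */
        return 0;
    *out = v * scale;
    return 1;
}

/* Largest LENGTH for which the product still fits (capped at 64 so that
 * a degenerate size of 0 or 1 cannot loop forever). */
static unsigned max_length(uint64_t size, uint64_t scale)
{
    unsigned len = 0;
    uint64_t tmp;

    while (len < 64 && charset_space_fits(size, len + 1, scale, &tmp))
        len++;
    return len;
}

int main(void)
{
    uint64_t v;
    const uint64_t printable = 0x7E - ' ' + 1;   /* CHARSET_SIZE = 95 */

    if (charset_space_fits(printable, 8, 0x100, &v))
        printf("95**8 * 0x100 = %" PRIu64 " (fits)\n", v);
    printf("95**16 * 0x100 fits? %d\n", charset_space_fits(printable, 16, 0x100, &v));
    printf("max length, 95 chars, scale 0x100: %u\n", max_length(printable, 0x100));
    printf("max length, 95 chars, scale 1:     %u\n", max_length(printable, 1));
    printf("max length, 10 digits, scale 0x100: %u\n", max_length(10, 0x100));
    return 0;
}
```

With 95 characters, dropping SCALE all the way to 1 raises the largest length that fits only from 8 to 9, while a 10-character set fits up to length 16 at the default SCALE.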

