Date: Tue, 13 Nov 2007 06:17:11 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Incremental mode log format

On Sun, Nov 11, 2007 at 03:36:35PM +0100, WhisperingStorm wrote:
> <time> - Switching to length X
> <time> - Expanding tables for length X to character count Y
> <time> - Trying length X, fixed @Z, character count Y
> 
> I think I understand X and Y - the cracker is trying passwords X
> characters long and it's using a charset of Y characters.

More precisely, it's using a charset of Y different character indices.
The number of different characters can be higher than that because
different sets of characters turn out to be most probable for the first
Y indices for different positions, as well as for different preceding
characters.

> However, I don't get what "fixed @Z" means.

Whenever JtR tries passwords with a given number of different character
indices, it needs to avoid trying passwords that would also be available
with a smaller number of different character indices.  (Otherwise, it
would be trying the same candidate passwords more than once.)  This is
achieved by keeping one of the character indices (in character position
reported as "fixed @Z" in your log sample above) fixed at its highest
value (that is, at "Y" minus 1 since the indices are zero-based).  This
needs to be repeated for all positions up to the corresponding length.

BTW, the order in which JtR tries different {length, fixed, count}
combinations may seem weird.  It is based on statistical information
encoded in .chr files.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar
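
The duplicate-avoidance scheme described in the message, as an added example (not part of the original message and not JtR's own code). It works on character index tuples only; the rule for positions before and after the fixed one is an assumption of this sketch, chosen so that passes for different fixed positions do not overlap.

```python
from itertools import product


def candidates(length, fixed, count):
    """Index tuples for one {length, fixed, count} combination.

    The index at position `fixed` (zero-based here) is held at count - 1.
    Assumption of this sketch: positions before `fixed` stay below count - 1
    and positions after it use all `count` indices, so passes for different
    fixed positions do not overlap.
    """
    top = count - 1
    before = [range(top)] * fixed
    after = [range(count)] * (length - fixed - 1)
    for head in product(*before):
        for tail in product(*after):
            yield head + (top,) + tail


def with_fixed(length, max_count):
    """All tuples produced when every count is tried with every fixed position."""
    out = []
    # Simple ascending order; per the message, JtR orders these by .chr statistics.
    for count in range(1, max_count + 1):
        for fixed in range(length):
            out.extend(candidates(length, fixed, count))
    return out


def without_fixed(length, max_count):
    """Naive alternative: each count re-enumerates everything below it."""
    out = []
    for count in range(1, max_count + 1):
        out.extend(product(range(count), repeat=length))
    return out


if __name__ == "__main__":
    length, max_count = 3, 4
    good, naive = with_fixed(length, max_count), without_fixed(length, max_count)
    print(len(good), len(set(good)))    # every tuple exactly once
    print(len(naive), len(set(naive)))  # repeats without the fixed index
    print(list(candidates(3, 1, 2)))    # length 3, fixed position 1, count 2
```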
