Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 3 Mar 2010 18:50:23 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: cracked passwords up to 10 characters with 1.7.5

On Wed, Mar 03, 2010 at 11:07:16AM +0100, websiteaccess@...il.com wrote:
>  With latest 1.7.5, and all changes in the .conf, old advices do not 
> works. Could you tell me how to do, what must be changed in the .conf.

There were no major changes in this area in JtR lately, so whatever was
suggested on this mailing list earlier should still apply.

>  I tried with dumbforce , I changed :
> 
> 	minlength = 1;	// Initial password length to try, must be at least 1
> 	maxlength = 10;	// Must be at least same as minlength   <------  8 to 10
> 
>  but, JTR try letters/digits up to 8 only.

This means that you're either not actually using the DumbForce mode or
your hash type does not support passwords longer than 8 characters.
Since I know you were into raw MD5 hashes, I suspect that it's the former.
What's your "john" command line?

>  Why is it so hard to change something about length password in JTR, 
> it's so easy in passwordspro :-/

I could give many answers - some of those would be valid reasons, some
would be more like excuses - but it'd be more productive for me to focus
on improving things instead.  Making "incremental" mode work for lengths
beyond 8 without requiring a recompile is on my to-do list.

In terms of ease of use, I might also implement command-line options to
specify the lengths range for any cracking mode.  However, it is not
clear whether these should override the mode's settings in john.conf or
limit JtR to trying a subset of candidate passwords that the mode would
otherwise try.  In fact, for some modes only the latter is possible.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.