Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Mon, 17 Oct 2011 01:09:24 +0200
From: Jérôme Loyet <jerome@...et.net>
To: john-users@...ts.openwall.com
Subject: Re: filter performances

2011/10/17 Rich Rumble <richrumble@...il.com>:
> On Sun, Oct 16, 2011 at 5:55 PM, Brad Tilley <brad@...ystems.com> wrote:
>> On 10/16/2011 05:11 PM, Jérôme Loyet wrote:
>>> I have a single traditional DES password to bruteforce. I know its
>>> policy:  8 characters long (or more) and it uses at least one lower
>>> case, one upper case, one numerical and one "other" char.
> I think traditional DES is limited to 8 char max.
>
>> Also, what about the (or more) length passwords. Nine, ten, eleven or twelve
>> char passwords? IMO, brute force is not the way to approach passwords of
>> this lenght. Start with popular passwords, then move to dictionary attacks,
>> word mangling, etc.
> Still I agree dictionaries/wordlists get passwords faster than brute force.
> But you may want to try the "Policy" external mode.
>
> ./john hashes.txt -e=Policy
>

Yes it works but the performances are horrible just to generate and
filter the possibilities:

E:\Partage\john-1.7.8-jumbo-7-Win-32\run>john.exe -i:All8 --stdout >NUL
words: 8388606  time: 0:00:00:01 0.00%  w/s: 6574K  current: schrramb
words: 16777213  time: 0:00:00:02 0.00%  w/s: 6767K  current: 28510/ou
words: 25165820  time: 0:00:00:03 0.00%  w/s: 6808K  current: carolf01
words: 33554427  time: 0:00:00:04 0.00%  w/s: 6857K  current: bchenthi
words: 41943034  time: 0:00:00:06 0.00%  w/s: 6884K  current: 55363400
words: 50331641  time: 0:00:00:07 0.00%  w/s: 6874K  current: meirpr99
words: 58720248  time: 0:00:00:08 0.00%  w/s: 6894K  current: 19729838
words: 67108855  time: 0:00:00:09 0.00%  w/s: 6907K  current: 48066839
words: 75497462  time: 0:00:00:10 0.00%  w/s: 6919K  current: cyumsdre
words: 76903012  time: 0:00:00:11 0.00%  w/s: 6920K  current: 31698573
Session aborted

E:\Partage\john-1.7.8-jumbo-7-Win-32\run>john.exe -i:All8
--external=Policy --stdout >NUL
words: 65533  time: 0:00:00:02 0.00%  w/s: 26413  current: cynNAn12
words: 131068  time: 0:00:00:03 0.00%  w/s: 33521  current: mmyJisi2
words: 163835  time: 0:00:00:05 0.00%  w/s: 30255  current: mckiYet9
words: 229370  time: 0:00:00:06 0.00%  w/s: 34051  current: chauL661
words: 294905  time: 0:00:00:08 0.00%  w/s: 34556  current: bittyDe1
words: 360440  time: 0:00:00:09 0.00%  w/s: 36214  current: prO3NTBn
words: 491511  time: 0:00:00:12 0.00%  w/s: 40762  current: schofEA4
words: 4097578  time: 0:00:00:20 0.00%  w/s: 198276  current: 50rdaplE
Session aborted


what I don't understand is the rate I'm having with the external
policy and how I can have the same rate than without filter.
++ fat

> -rich
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ