Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 21 May 2018 11:10:09 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Incremental mode over 13 characters?

On Mon, May 21, 2018 at 12:03:24AM +0100, Eric Watson wrote:
> I read that Incremental Mode will use the full printable ASCII character 
> set and try all possible password lengths from 0 to 13 from the 95 
> characters.

The maximum length is runtime configurable (up to a compile-time limit
currently at 24).  It's "MaxLen = 13" in this section in john.conf:

# Incremental modes
[Incremental:ASCII]
File = $JOHN/ascii.chr
MinLen = 0
MaxLen = 13
CharCount = 95

You can edit it.  Or you can use a different section.  As you can see,
some other pre-defined incremental modes have MaxLen set differently:

[Incremental:Digits]
File = $JOHN/digits.chr
MinLen = 1
MaxLen = 20
CharCount = 10
 
> Can JtR use incremental mode with a password which has at most a total 
> of 22 characters which include special characters if the available 
> characters are known? A word of up to 22 characters from a list of 16 
> characters.
> 
> Eg. A password such as !AbCdEfGhIj*1234, expanded using the same 
> characters to a total of 22, the characters of which are known but the 
> order is not.

Technically yes, you can set "MaxLen = 22" and generate a custom .chr
file corresponding to your character set.  But you're not going to get
that password cracked, at least in this way and without focusing the
attack much more.  16^22 is a lot more than you'd ever search.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ