Date: Mon, 23 May 2005 23:09:43 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Fastest Crack of known password length On Mon, May 23, 2005 at 02:14:39PM -0400, James wrote: > Kind of hard to reset Root ;) If you have physical access, it is trivial to reset the password, unless special measures have been taken to prevent this very attack (but this is very uncommon). > As far as big wordlist I've tried that one and > let it run forever it seems (over a week) This is impossible. It takes around 10 minutes to run all.lst with the default set of rules against a single traditional DES-based hash, on a single modern CPU with the current development version of John built in an optimal way for your system. If you use John 1.6 and/or build it non-optimally and/or run this on an older system, this may take hours. But not days. You must have been running "incremental". > and since I am pretty sure the > password is not word based it was unable to crack it. This is why I was > thinking of an incremental against a known length of 8. OK. > One PC was set to incremental the other wasn't. With the commands you've mentioned, one was running in batch mode (meaning: "single crack" -> wordlist with rules -> "incremental"), the other in "incremental" right away. Both must have been running in "incremental" after a few minutes. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.