Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 6 Feb 2006 00:43:33 -0800
From: Arias Hung <>
Subject: Re: Incremental Alpha Quagmire

On Wed, 01 Feb 2006, Solar Designer delivered in simple text monotype:

> On Wed, Feb 01, 2006 at 04:27:59AM -0800, Arias Hung wrote:
> > Then what would be the proper way to create an 'optimized' UpperLower.chr
> > or is that beyond the scope of explaining here?
> The proper way to generate .chr files is to use samples of real
> passwords.  If you're able to get some passwords from your target system
> cracked, then you should use that john.pot to generate your .chr file -
> and do not restrict it to just letters.

Okay, just want to see what i'm doing wrong here:

Using passwords i already know that I put in a list I generate a john.pot as follows:

$ john --stdin passwd < mylist
bBrfFdnc         (user1)
CzOplCet         (user2)
guesses: 2  time: 0:00:00:00  c/s: 10.71  trying: bBrfFdnc - CzOplCet

then as you suggest i create a character file from this:

$ john --make-charset=my.chr passwd
Loaded 2 plaintexts
Generating charsets... 1 2 3 4 5 6 7 8 DONE
Generating cracking order... DONE
Successfully written charset file: my.chr (14 characters)

I also add this section to john.conf

File = $JOHN/my.chr
MinLen = 8
MaxLen = 8
CharCount = 52

Yet when I now attempt to use this to crack the passwords:

$ ./john -i=my passwd
Loaded 1 password hash (Traditional DES [64/64 BS MMX])
Warning: only 14 characters available

I still get that warning despite adding the Charcount in the john.conf file?!

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.