Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 6 Jun 2007 12:14:12 +0100
From: "Evo Eftimov, iSec Consulting," <>
To: <>
Subject: RE: success rate

It is crypt(3) and there were no password policy rules enforced on the
system except minimum length. 

My assessment is that 90% of the yield is due to the word mangling rules
embedded in the product and the carefully selected wordlists which are also
part of the product. Only 5 to 10% of the yield is due to the additional
tuning done by me

I've also benefited from the SSE support in JR 



-----Original Message-----
From: Solar Designer [] 
Sent: 06 June 2007 11:26
Subject: [john-users] success rate

On Wed, Jun 06, 2007 at 10:54:06AM +0100, Evo Eftimov, iSec Consulting, wrote:
> All - I highly recommend John the Ripper to anybody with password
> project - just by running the software in single and worldlist modes (with
> carefully tuned rules taking into account specific cultural and
> psychological factors relevant to the target environment) I've been able
> to obtain 45% success rate. The single mode was extremely effective to
> demonstrate some quick wins to the management.

Thank you for sharing your experience.

You haven't mentioned what hash type you were running JtR on.  From the
success rate, I guess that those were traditional DES-based crypt(3)
hashes with almost no prior password policy enforcement.  The hash type
affects success rate a lot.  For LM hashes, it would be much higher
(90% to 100% if you let "incremental" mode run for a few days).  For
newer crypt(3) flavors, it would be lower.

How much of an improvement did your careful tuning of rules provide?
What would the success rate be without such tuning?

If you also include some "incremental" mode time (a few days?) with
default settings, what would the success rate be?

P.S. Please avoid over-quoting when you post to this mailing list.
Usually, it is enough to quote just a few lines from the message you're
responding to.  Also, your messages lack a Message-ID header, which
breaks threading of any replies in web-based archives of the list.  Is
this possibly an effect of your corporate firewall, and is it something
you can fix?


Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.