Date: Thu, 29 May 2008 00:31:57 +0400
From: Solar Designer <>
Subject: Re: 15 characters

On Tue, May 27, 2008 at 11:01:40PM -0400, bofh wrote:
> I've already found some, but these are user level things.  The root
> passwords are more secure and are over 8 characters long.

As you probably know, most root compromises occur by means other than
cracking a root password.

> How does JtR deal with two simultaneous sessions?

Please refer to the FAQ:

Q: Does John support multi-processing or distributed processing?
A: There's no real MP or distributed processing support in John right
now, but you can distribute the work between a few nodes manually.
You may safely run multiple instances of John in the same working
directory, all writing to the same "pot file" (this is a feature).  You
do, however, need to assign each of them a unique session name, with

The FAQ gives a more complete answer, please read it.

> I'm running it on a dual core, and
> it's only using 1 core.  Is it feasible, and more importantly, does it make
> sense to leave the current session running all@8 characters, and start a new
> one with a more limited character subset, running from 9-12?

Yes, this makes some sense, if your hash type supports passwords or
password halves longer than 8 characters at all - which it probably does
not.  It may make more sense to run one session for lengths up to 7 and
another for length 8.

> > Also, you've never mentioned the hash type you're dealing with, although
> > it is very relevant and might affect my advice.
> Whatever is the standard/default on aix 5.2.

I don't know about 5.2 specifically, but I'd expect to see "bigcrypt"
there, which means that passwords longer than 8 characters are not
supported for real (rather, they're split in 8-character halves, which
JtR cracks separately - so there's no reason to have JtR try candidate
passwords of longer than 8 characters).  What does the "Loaded ..." line
say?  How many characters are there in encodings for your target hashes?
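The split into 8-character halves described above, and why the encoding length answers the last question, shown as an added example (not part of the original message and not John the Ripper's code). It assumes the usual bigcrypt layout: a 2-character salt, 11 encoded characters per 8-character password segment, and each later segment salted with the first two characters of the previous segment's output. The function names are hypothetical and the sample encodings are constructed, not real hashes.

```python
"""Split a bigcrypt encoding into its independent traditional-crypt pieces."""
import string

CRYPT_ALPHABET = set("./" + string.digits + string.ascii_letters)
SALT_LEN = 2        # salt characters at the start of the encoding
SEG_HASH_LEN = 11   # encoded DES output per password segment
SEG_PLAIN_LEN = 8   # password characters covered by one segment


def split_bigcrypt(encoding):
    """Return one 13-character crypt(3) string per 8-character segment."""
    body_len = len(encoding) - SALT_LEN
    if body_len < SEG_HASH_LEN or body_len % SEG_HASH_LEN:
        raise ValueError("length %d is not 2 + 11*n" % len(encoding))
    if not set(encoding) <= CRYPT_ALPHABET:
        raise ValueError("character outside the crypt(3) alphabet")
    pieces = []
    salt = encoding[:SALT_LEN]
    for off in range(SALT_LEN, len(encoding), SEG_HASH_LEN):
        seg = encoding[off:off + SEG_HASH_LEN]
        pieces.append(salt + seg)
        # Assumed chaining rule: the next segment's salt is the first
        # two characters of this segment's encoded output.
        salt = seg[:SALT_LEN]
    return pieces


def max_password_length(encoding):
    """Upper bound on the password length this encoding can represent."""
    return SEG_PLAIN_LEN * len(split_bigcrypt(encoding))


if __name__ == "__main__":
    # Constructed sample encodings (not real hashes).
    samples = [
        "abCdEfGhIjKlM",             # 13 chars: one segment
        "abCdEfGhIjKlMNoPqRsTuVwX",  # 24 chars: two segments
    ]
    for enc in samples:
        parts = split_bigcrypt(enc)
        print("%-24s len=%2d max_pw_len=%2d pieces=%s"
              % (enc, len(enc), max_password_length(enc), parts))
```

Each returned piece can be tested on its own against candidates of at most 8 characters, which is why longer candidates add nothing for this hash type.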

