Date: Thu, 29 May 2008 02:43:48 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: 15 characters On Wed, May 28, 2008 at 04:50:59PM -0400, bofh wrote: > Loaded 347 password hashes with 176 different salts (Traditional DES > [128/128 BS SSE2]) > > Doesn't look like it's split into 8-character halves? Actually, it does. "Traditional DES" means that it's either the traditional crypt(3), which truncates at 8 characters, or "bigcrypt", which splits. You can tell which it is by looking at the hash encodings - are all of them 13 characters long, or are some 24 characters long? The latter ones correspond to 9-16 character long passwords, which are split at 8 characters. Also, notice how you have too few different salts - this indicates that the distribution of salts is far from uniform. You will be able to get a much better c/s rate by focusing on salts present on multiple hashes - try the "--salts=..." option, adjusting its parameter - start with 2, then try higher values - the number of hashes loaded will be decreasing, but the c/s rate will be increasing. > So, go make one to run from 9-12 characters then :) Definitely not. In fact, JtR will correctly limit "incremental" mode's MaxLen to 8 for these hashes, even if you recompile it to allow for greater lengths (which would make sense for other hash types). Alexander -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.