Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Jan 2009 16:20:38 -0600
From: Steve Bergman <>
To: "" <>
Subject: Clarification desired on modifying incremental mode to handle 9

I'm just getting to know john and am wanting to try out cracking length 9 passwords. And I want to confirm that I'm doing this right.

In this (relatively old) thread:

Solar Designer explains:

>The above example is for lowercase letters.  I've actually tested it by
>first generating a fake john.pot from all.lst:
>	zcat all.gz | sed 's/^/:/' > john.pot
>Then I generated a new .chr file with the patched build of JtR 1.7.2:
>	./john --make-charset=alpha13.chr

I have a few questions:

If I am only going to 9 chars, and thus CHARSET_SCALE does not change, do I really need to generate a new .chr file?

If so, is the method described above the best I am going to do without some source of real life nine character passwords?

Would it make sense, and be better, to run the list through the default wordlist mangling rules first and use the result to generate the .chr?

>>From what source is the default all.chr that comes with john generated?

Presumably, there is a wise rationale for limiting john to 8 rather then 9 characters by default. If the character range is not limited by increasing to 9, why is 8 the default?

(That last might be rephrased as "What hole am I getting ready to fall into"? ;-)

Thanks or any clarification,

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.