Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 13 Jun 2009 14:06:25 +0400
From: Solar Designer <>
Subject: "incremental" mode for lengths beyond 8 (was: cracking MD5 hashes more than 8 characters long with a dictionary)

On Sat, Jun 13, 2009 at 10:16:32AM +0200, websiteaccess wrote:
>  How to crack md5 with 10 or more digits (i:digits) ????

As you know from past discussions in here (and perhaps from your
experience with JtR), "incremental" mode is limited to lengths up to 8
by default, at compile time.  Similarly, I'd expect you to be already
familiar with ways to get JtR's "incremental" mode to work for longer
passwords, since this topic is being brought up once in a while and
you've been with us for a long time. ;-)

I recommend that you check out this list of "most useful and currently
relevant excerpts from john-users mailing list" on the wiki:

Specifically, it links to this posting:

which gives specific changes to src/params.h to enable JtR's
"incremental" mode to try longer candidate passwords.  For example, you
may pick the suggested settings for lengths up to 10, then generate a
.chr file with:

./john --make-charset=digits10.chr -e=filter_digits

The posting from 2007 referenced above gives a specific example for
purely-alphabetic passwords, but the same approach would also apply to
making JtR try lengthy strings of digits.

Alternatively, you can use the DumbForce external mode - modify its
init() function to set your desired charset and lengths, and it will
work just fine.  The drawback is that, unlike "incremental" mode,
DumbForce won't be trying more common passwords first (for a given
length) - but for digits-only, reasonable lengths, and fast saltless
hashes you might find that acceptable.


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.