Date: Fri, 31 Jul 2009 21:08:27 +0200 From: websiteaccess <websiteaccess@...il.com> To: john-users@...ts.openwall.com Subject: Re: DumbForce external mode vs. incremental mode (was: invoking a DumbForce external mode) On Fri, 31 Jul 2009 22:42:37 +0400, Solar Designer wrote: > On Fri, Jul 31, 2009 at 08:24:25PM +0200, websiteaccess wrote: >> Macintosh:run xxxxxx$ ./john -e=DumbForce-alpha-fr test.txt >> Loaded 1 password hash (FreeBSD MD5 [32/64 X2]) >> guesses: 0 time: 0:00:00:02 c/s: 8611 trying: sdc - sdd >> guesses: 0 time: 0:00:00:03 c/s: 8618 trying: èué - èuè >> guesses: 0 time: 0:00:00:04 c/s: 8631 trying: ahjé - ahjè > > This looks fine to me. > >> How JTR can crack a password "aselé" when trying only 4 letters ????? >> :-/ > > It will get to trying 5-letter passwords when it is done with 4-letter > ones. Ditto for even longer passwords. > > You can't expect a DumbForce mode to be as smart about things such as > length switching as incremental mode is. The reason why I suggested it > was that you did not seem to care about the order in which your > candidate passwords would be tried. I indirectly inferred this from the > way you were placing your characters into a fake john.pot file for > generating a custom charset. With that attitude, DumbForce appeared to > be a simpler way to achieve a similar effect. You've since expressed a > related concern, but referring to not breaking pre-defined incremental > modes for other uses only. You also did not mention that you'd be > attacking a relatively slow hash this time (you were dealing with raw > MD5 hashes before, which were roughly 1000 times faster). > > If you do care about the order in which your candidate passwords are > tried, and now you appear to, then you need to go for a modified build > of JtR as we've discussed before, invest more time into preparing a more > optimal fake john.pot (tricky), then generate a custom .chr file and use > that. You'd only use this build of JtR when you need your custom > charset. > It''s ok now, but, I really name that brute force ! start with "a" to "zzzzzzzz" One more thing, I have changed value from 8 to 10 of maxlength = 10; // Must be at least same as minlength Is JTR now able to crack 10 length passwords ? thanks for your help. W.A. -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.