Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 31 Jul 2009 21:08:27 +0200
From: websiteaccess <>
Subject: Re: DumbForce external mode vs. incremental mode (was:
 invoking a DumbForce external mode)

On Fri, 31 Jul 2009 22:42:37 +0400, Solar Designer wrote:
> On Fri, Jul 31, 2009 at 08:24:25PM +0200, websiteaccess wrote:
>> Macintosh:run xxxxxx$ ./john -e=DumbForce-alpha-fr test.txt
>> Loaded 1 password hash (FreeBSD MD5 [32/64 X2])
>> guesses: 0  time: 0:00:00:02  c/s: 8611  trying: sdc - sdd
>> guesses: 0  time: 0:00:00:03  c/s: 8618  trying: èué - èuè
>> guesses: 0  time: 0:00:00:04  c/s: 8631  trying: ahjé - ahjè
> This looks fine to me.
>>  How JTR can crack a password "aselé" when trying only 4 letters ?????  
>> :-/
> It will get to trying 5-letter passwords when it is done with 4-letter
> ones.  Ditto for even longer passwords.
> You can't expect a DumbForce mode to be as smart about things such as
> length switching as incremental mode is.  The reason why I suggested it
> was that you did not seem to care about the order in which your
> candidate passwords would be tried.  I indirectly inferred this from the
> way you were placing your characters into a fake john.pot file for
> generating a custom charset.  With that attitude, DumbForce appeared to
> be a simpler way to achieve a similar effect.  You've since expressed a
> related concern, but referring to not breaking pre-defined incremental
> modes for other uses only.  You also did not mention that you'd be
> attacking a relatively slow hash this time (you were dealing with raw
> MD5 hashes before, which were roughly 1000 times faster).
> If you do care about the order in which your candidate passwords are
> tried, and now you appear to, then you need to go for a modified build
> of JtR as we've discussed before, invest more time into preparing a more
> optimal fake john.pot (tricky), then generate a custom .chr file and use
> that.  You'd only use this build of JtR when you need your custom
> charset.

 It''s ok now, but, I really name that brute force ! start with "a" to 

 One more thing, I have changed value from 8 to 10 of
	maxlength = 10;	// Must be at least same as minlength

 Is JTR now able to crack 10 length passwords ?

 thanks for your help.


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.