Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Mar 2010 18:50:23 +0300
From: Solar Designer <>
Subject: Re: cracked passwords up to 10 characters with 1.7.5

On Wed, Mar 03, 2010 at 11:07:16AM +0100, wrote:
>  With latest 1.7.5, and all changes in the .conf, old advices do not 
> works. Could you tell me how to do, what must be changed in the .conf.

There were no major changes in this area in JtR lately, so whatever was
suggested on this mailing list earlier should still apply.

>  I tried with dumbforce , I changed :
> 	minlength = 1;	// Initial password length to try, must be at least 1
> 	maxlength = 10;	// Must be at least same as minlength   <------  8 to 10
>  but, JTR try letters/digits up to 8 only.

This means that you're either not actually using the DumbForce mode or
your hash type does not support passwords longer than 8 characters.
Since I know you were into raw MD5 hashes, I suspect that it's the former.
What's your "john" command line?

>  Why is it so hard to change something about length password in JTR, 
> it's so easy in passwordspro :-/

I could give many answers - some of those would be valid reasons, some
would be more like excuses - but it'd be more productive for me to focus
on improving things instead.  Making "incremental" mode work for lengths
beyond 8 without requiring a recompile is on my to-do list.

In terms of ease of use, I might also implement command-line options to
specify the lengths range for any cracking mode.  However, it is not
clear whether these should override the mode's settings in john.conf or
limit JtR to trying a subset of candidate passwords that the mode would
otherwise try.  In fact, for some modes only the latter is possible.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.