Date: Wed, 3 Mar 2010 18:50:23 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: cracked passwords up to 10 characters with 1.7.5 On Wed, Mar 03, 2010 at 11:07:16AM +0100, websiteaccess@...il.com wrote: > With latest 1.7.5, and all changes in the .conf, old advices do not > works. Could you tell me how to do, what must be changed in the .conf. There were no major changes in this area in JtR lately, so whatever was suggested on this mailing list earlier should still apply. > I tried with dumbforce , I changed : > > minlength = 1; // Initial password length to try, must be at least 1 > maxlength = 10; // Must be at least same as minlength <------ 8 to 10 > > but, JTR try letters/digits up to 8 only. This means that you're either not actually using the DumbForce mode or your hash type does not support passwords longer than 8 characters. Since I know you were into raw MD5 hashes, I suspect that it's the former. What's your "john" command line? > Why is it so hard to change something about length password in JTR, > it's so easy in passwordspro :-/ I could give many answers - some of those would be valid reasons, some would be more like excuses - but it'd be more productive for me to focus on improving things instead. Making "incremental" mode work for lengths beyond 8 without requiring a recompile is on my to-do list. In terms of ease of use, I might also implement command-line options to specify the lengths range for any cracking mode. However, it is not clear whether these should override the mode's settings in john.conf or limit JtR to trying a subset of candidate passwords that the mode would otherwise try. In fact, for some modes only the latter is possible. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.