Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 1 Sep 2010 14:54:30 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Noob question: how to feed 10 alphanum char min&max
 incremental to aircrack when "MaxLen = 10 exceeds the compile-time limit of 8"

Never tried, and depending on the hash it would vary, but something fast
like NTLM would likely take weeks.Depending on how I generated the
CHR file, I'm not sure if there is a "tri-graph" that would help JtR guess the
more likely digits, but I have used it to find long char only passwords that
were 12 chars in a few days.I'll let this run (1-16) as long as I can and see
if I can get you a number for at least the NT hash on a 2.33Ghz. I've certainly
cracked passes over 8 with it plenty of times. All digit pass's are not that
common in my experience so I've never thought of having a rainbow table
for them, esp when JtR goes through 1-8 so quickly.

> Out of curiosity, have you ever enumerated the entire space of a 16 char
> number only password? If so, how long did that take? I would assume
> weeks (at least... although that seems overly optimistic for CPU),
> months? Or have you never enumerated the entire space?
>
> 10^16 = 10,000,000,000,000,000
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.