Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Oct 2011 18:09:54 -0400
From: Rich Rumble <>
Subject: Re: filter performances

On Sun, Oct 16, 2011 at 5:55 PM, Brad Tilley <> wrote:
> On 10/16/2011 05:11 PM, Jérôme Loyet wrote:
>> I have a single traditional DES password to bruteforce. I know its
>> policy:  8 characters long (or more) and it uses at least one lower
>> case, one upper case, one numerical and one "other" char.
I think traditional DES is limited to 8 char max.

> Also, what about the (or more) length passwords. Nine, ten, eleven or twelve
> char passwords? IMO, brute force is not the way to approach passwords of
> this lenght. Start with popular passwords, then move to dictionary attacks,
> word mangling, etc.
Still I agree dictionaries/wordlists get passwords faster than brute force.
But you may want to try the "Policy" external mode.

./john hashes.txt -e=Policy


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.