Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 16 Oct 2011 18:09:54 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: filter performances

On Sun, Oct 16, 2011 at 5:55 PM, Brad Tilley <brad@...ystems.com> wrote:
> On 10/16/2011 05:11 PM, Jérôme Loyet wrote:
>> I have a single traditional DES password to bruteforce. I know its
>> policy:  8 characters long (or more) and it uses at least one lower
>> case, one upper case, one numerical and one "other" char.
I think traditional DES is limited to 8 char max.

> Also, what about the (or more) length passwords. Nine, ten, eleven or twelve
> char passwords? IMO, brute force is not the way to approach passwords of
> this lenght. Start with popular passwords, then move to dictionary attacks,
> word mangling, etc.
Still I agree dictionaries/wordlists get passwords faster than brute force.
But you may want to try the "Policy" external mode.

./john hashes.txt -e=Policy

-rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.