Date: Mon, 17 Oct 2011 01:02:41 +0200 From: Jérôme Loyet <jerome@...et.net> To: john-users@...ts.openwall.com Subject: Re: filter performances 2011/10/16 Brad Tilley <brad@...ystems.com>: > On 10/16/2011 05:11 PM, Jérôme Loyet wrote: >> >> Hi guys, >> >> I'm new to jtr and I'm facing some performance problems (I think we >> all do somehow) >> >> I have a single traditional DES password to bruteforce. I know its >> policy: 8 characters long (or more) and it uses at least one lower >> case, one upper case, one numerical and one "other" char. >> >> If I'm bruteforcing using the mode All (with a fixed 8 chars len) I >> have 95^8 = 6634204312890625 possibilities >> >> I want to reduce the number of tries as I know the policy. I have >> 95^4*26*26*33*10 = 18170005425000 possibilities > > How'd you come up with this calculation? I don't think it's accurate as any > char position in the password could be chosen from the 95 chars. > > This is correct: > > char 1 (95 possibilities) > char 2 (95 possibilities) > char 3 (95 possibilities) > char 4 (95 possibilities) > char 5 (95 possibilities) > char 6 (95 possibilities) > char 7 (95 possibilities) > char 8 (95 possibilities) > > This is not correct: > > char 1 (95 possibilities) > char 2 (95 possibilities) > char 3 (95 possibilities) > char 4 (95 possibilities) > char 5 (26 possibilities) > char 6 (26 possibilities) > char 7 (33 possibilities) > char 8 (10 possibilities) Yes you are right. My calculation is wrong. > > Also, what about the (or more) length passwords. Nine, ten, eleven or twelve > char passwords? IMO, brute force is not the way to approach passwords of > this lenght. Start with popular passwords, then move to dictionary attacks, > word mangling, etc. As it's DES, it limited to 8 characters anyway. I know the password has been made to be strong, so I'm pretty sure I'll have no chances to crack it with wordlist (even with rules). But maybe I'm wrong > > Hope this helps, > > Brad > > <snip> >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.