Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Oct 2011 01:02:41 +0200
From: Jérôme Loyet <jerome@...et.net>
To: john-users@...ts.openwall.com
Subject: Re: filter performances

2011/10/16 Brad Tilley <brad@...ystems.com>:
> On 10/16/2011 05:11 PM, Jérôme Loyet wrote:
>>
>> Hi guys,
>>
>> I'm new to jtr and I'm facing some performance problems (I think we
>> all do somehow)
>>
>> I have a single traditional DES password to bruteforce. I know its
>> policy:  8 characters long (or more) and it uses at least one lower
>> case, one upper case, one numerical and one "other" char.
>>
>> If I'm bruteforcing using the mode All (with a fixed 8 chars len) I
>> have 95^8 = 6634204312890625 possibilities
>>
>> I want to reduce the number of tries as I know the policy. I have
>> 95^4*26*26*33*10 = 18170005425000 possibilities
>
> How'd you come up with this calculation? I don't think it's accurate as any
> char position in the password could be chosen from the 95 chars.
>
> This is correct:
>
> char 1 (95 possibilities)
> char 2 (95 possibilities)
> char 3 (95 possibilities)
> char 4 (95 possibilities)
> char 5 (95 possibilities)
> char 6 (95 possibilities)
> char 7 (95 possibilities)
> char 8 (95 possibilities)
>
> This is not correct:
>
> char 1 (95 possibilities)
> char 2 (95 possibilities)
> char 3 (95 possibilities)
> char 4 (95 possibilities)
> char 5 (26 possibilities)
> char 6 (26 possibilities)
> char 7 (33 possibilities)
> char 8 (10 possibilities)

Yes you are right. My calculation is wrong.

>
> Also, what about the (or more) length passwords. Nine, ten, eleven or twelve
> char passwords? IMO, brute force is not the way to approach passwords of
> this lenght. Start with popular passwords, then move to dictionary attacks,
> word mangling, etc.

As it's DES, it limited to 8 characters anyway. I know the password
has been made to be strong, so I'm pretty sure I'll have no chances to
crack it with wordlist (even with rules). But maybe I'm wrong

>
> Hope this helps,
>
> Brad
>
> <snip>
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.