Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 17 Oct 2011 01:09:24 +0200
From: Jérôme Loyet <jerome@...et.net>
To: john-users@...ts.openwall.com
Subject: Re: filter performances

2011/10/17 Rich Rumble <richrumble@...il.com>:
> On Sun, Oct 16, 2011 at 5:55 PM, Brad Tilley <brad@...ystems.com> wrote:
>> On 10/16/2011 05:11 PM, Jérôme Loyet wrote:
>>> I have a single traditional DES password to bruteforce. I know its
>>> policy:  8 characters long (or more) and it uses at least one lower
>>> case, one upper case, one numerical and one "other" char.
> I think traditional DES is limited to 8 char max.
>
>> Also, what about the (or more) length passwords. Nine, ten, eleven or twelve
>> char passwords? IMO, brute force is not the way to approach passwords of
>> this lenght. Start with popular passwords, then move to dictionary attacks,
>> word mangling, etc.
> Still I agree dictionaries/wordlists get passwords faster than brute force.
> But you may want to try the "Policy" external mode.
>
> ./john hashes.txt -e=Policy
>

Yes it works but the performances are horrible just to generate and
filter the possibilities:

E:\Partage\john-1.7.8-jumbo-7-Win-32\run>john.exe -i:All8 --stdout >NUL
words: 8388606  time: 0:00:00:01 0.00%  w/s: 6574K  current: schrramb
words: 16777213  time: 0:00:00:02 0.00%  w/s: 6767K  current: 28510/ou
words: 25165820  time: 0:00:00:03 0.00%  w/s: 6808K  current: carolf01
words: 33554427  time: 0:00:00:04 0.00%  w/s: 6857K  current: bchenthi
words: 41943034  time: 0:00:00:06 0.00%  w/s: 6884K  current: 55363400
words: 50331641  time: 0:00:00:07 0.00%  w/s: 6874K  current: meirpr99
words: 58720248  time: 0:00:00:08 0.00%  w/s: 6894K  current: 19729838
words: 67108855  time: 0:00:00:09 0.00%  w/s: 6907K  current: 48066839
words: 75497462  time: 0:00:00:10 0.00%  w/s: 6919K  current: cyumsdre
words: 76903012  time: 0:00:00:11 0.00%  w/s: 6920K  current: 31698573
Session aborted

E:\Partage\john-1.7.8-jumbo-7-Win-32\run>john.exe -i:All8
--external=Policy --stdout >NUL
words: 65533  time: 0:00:00:02 0.00%  w/s: 26413  current: cynNAn12
words: 131068  time: 0:00:00:03 0.00%  w/s: 33521  current: mmyJisi2
words: 163835  time: 0:00:00:05 0.00%  w/s: 30255  current: mckiYet9
words: 229370  time: 0:00:00:06 0.00%  w/s: 34051  current: chauL661
words: 294905  time: 0:00:00:08 0.00%  w/s: 34556  current: bittyDe1
words: 360440  time: 0:00:00:09 0.00%  w/s: 36214  current: prO3NTBn
words: 491511  time: 0:00:00:12 0.00%  w/s: 40762  current: schofEA4
words: 4097578  time: 0:00:00:20 0.00%  w/s: 198276  current: 50rdaplE
Session aborted


what I don't understand is the rate I'm having with the external
policy and how I can have the same rate than without filter.
++ fat

> -rich
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.