Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 3 Dec 2011 13:12:20 +0200
From: Caesarmv <caesarmv@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: AMD X6 multicore issue

>
> > I'm trying to get 9 character pass (SHA512).
> What are you doing this for?  (Your answer may affect what I'd recommend.)
>

I'm testing one of my passwords (9 chars only).
It contains:
1) letters (no any existent words used)
2) digits
3) symbols

For example: ewf%ll1!1

So it can't be cracked with words list. I'm interesting to know how much
time  it needs  to crack it.


> I'm using 1.7.9 with openMP and default settings.
> > Command line: ./john pass.txt
>
> For a slow hash type like this, you won't get very far with incremental
> mode, so you may want to focus on trying various password lists,
> including with word mangling rules.  You've already tried the included
> password.lst with the default set of rules.  You can add to that by also
> trying "-w=password.lst --rules=single" (use a larger ruleset) and/or
> larger leaked password lists such as those found at:
>
> http://www.skullsecurity.org/wiki/index.php/Passwords
> http://dazzlepod.com/disclosure/
>
> You need to start with smaller ones of these lists, sorted for
> decreasing number of occurrences of each entry.  On the other hand, even
> going over the entire RockYou list, which is about 14 million unique
> entries (IIRC), will only take you a few hours (since you only have 2
> salts to compute hashes against, IIRC).
>
> You can also try all.lst from:
>
> http://download.openwall.net/pub/wordlists/
>
> Since you're dealing with slow hashes, you may want to eliminate any
> duplicate candidate passwords (resulting from application of rules) with
> this approach given in doc/EXAMPLES:
>
> ./john -w=password.lst --rules=single --stdout | ./unique mangled.lst
> ./john -w=mangled.lst pass.txt
>
> (and ditto for other source wordlists).
>
> > How much time it can take to decrypt such password?
>
> It depends.  The password might be cracked instantly or it could take
> forever, or it could be anything inbetween.  The latter is most likely.
> See also "Q: How long should I expect John to run?" in doc/FAQ.
>
> > Are there any restrictions for pass length or I can decrypt pass with any
> > length with default john settings?
>
> Incremental mode is limited to lengths up to 8 by default.  Other
> cracking modes are not limited in length (for practical purposes).
>
> This means that when you're running in incremental mode, which you are
> (pass "3" is it), you definitely won't get your length 9 password
> cracked - unless you customize the CHARSET_* settings in params.h,
> re-compile, generate a new .chr file, and use that.  My advice, though,
> is that you focus on wordlist mode with rules instead.  You're very
> unlikely to crack a length 9 password against a slow hash like this with
> incremental mode even if you customize the settings.
>
> Alexander
>

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.