Date: Sat, 3 Dec 2011 13:12:20 +0200 From: Caesarmv <caesarmv@...il.com> To: john-users@...ts.openwall.com Subject: Re: AMD X6 multicore issue > > > I'm trying to get 9 character pass (SHA512). > What are you doing this for? (Your answer may affect what I'd recommend.) > I'm testing one of my passwords (9 chars only). It contains: 1) letters (no any existent words used) 2) digits 3) symbols For example: ewf%ll1!1 So it can't be cracked with words list. I'm interesting to know how much time it needs to crack it. > I'm using 1.7.9 with openMP and default settings. > > Command line: ./john pass.txt > > For a slow hash type like this, you won't get very far with incremental > mode, so you may want to focus on trying various password lists, > including with word mangling rules. You've already tried the included > password.lst with the default set of rules. You can add to that by also > trying "-w=password.lst --rules=single" (use a larger ruleset) and/or > larger leaked password lists such as those found at: > > http://www.skullsecurity.org/wiki/index.php/Passwords > http://dazzlepod.com/disclosure/ > > You need to start with smaller ones of these lists, sorted for > decreasing number of occurrences of each entry. On the other hand, even > going over the entire RockYou list, which is about 14 million unique > entries (IIRC), will only take you a few hours (since you only have 2 > salts to compute hashes against, IIRC). > > You can also try all.lst from: > > http://download.openwall.net/pub/wordlists/ > > Since you're dealing with slow hashes, you may want to eliminate any > duplicate candidate passwords (resulting from application of rules) with > this approach given in doc/EXAMPLES: > > ./john -w=password.lst --rules=single --stdout | ./unique mangled.lst > ./john -w=mangled.lst pass.txt > > (and ditto for other source wordlists). > > > How much time it can take to decrypt such password? > > It depends. The password might be cracked instantly or it could take > forever, or it could be anything inbetween. The latter is most likely. > See also "Q: How long should I expect John to run?" in doc/FAQ. > > > Are there any restrictions for pass length or I can decrypt pass with any > > length with default john settings? > > Incremental mode is limited to lengths up to 8 by default. Other > cracking modes are not limited in length (for practical purposes). > > This means that when you're running in incremental mode, which you are > (pass "3" is it), you definitely won't get your length 9 password > cracked - unless you customize the CHARSET_* settings in params.h, > re-compile, generate a new .chr file, and use that. My advice, though, > is that you focus on wordlist mode with rules instead. You're very > unlikely to crack a length 9 password against a slow hash like this with > incremental mode even if you customize the settings. > > Alexander >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.