Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Dec 2011 10:57:24 -0700
From: RB <>
Subject: Re: New User - Some JtR questions.

On Fri, Dec 30, 2011 at 09:53, APseudoUtopia <> wrote:
> I have a Win7 system that uses NTLM hashes. I also have a FreeBSD
> system, which uses blowfish for root and md5 for my user account. I
> was wondering which would be fastest/easiest to crack in incremental
> mode? Yes, I do know that it probably will take an extremely long time
> (months?) to crack a long password, but I'm just curious to run it for
> a couple days and see what happens.

If you can extract the LM hashes, you'll go extremely fast, and
depending on the processor[s] you have available could probably
complete in "a couple" of days.  Beyond that, MD5 is faster than
blowfish, by a significant measure.

> I have already tried all three hashes (NTLM, Blowfish, and MD5) using
> both single and wordlist modes (using the "all" wordlist). I was
> wondering if it would be worth it to search a larger wordlist out on
> the internet and try that?

Sometimes.  There are multiple historical discussions on this list
about what constitutes a good word list and whether some are any

> What can I do to give john "hints" to speed up the process? For
> example, I know the passwords I use are all lower-case letters, with a
> couple numbers appended to the end. Is there a trick to setting the
> wordlist rules to do this? Or even in incremental mode?

Assuming they're not single dictionary words, see the 'Alnum'
incremental modes.  You could also write a filter, but depending on
your experience level just using the less-efficient (but preexisting)
mode will probably be the most expedient approach.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.