Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 20 Jul 2012 19:27:23 -0400
From: Rich Rumble <>
Subject: Re: Performance Considerations of stdin

On Sun, May 20, 2012 at 11:07 AM, Solar Designer <> wrote:
> In general, piping candidate passwords into JtR is usually wasteful when
> you crack fast and saltless hashes (or when the salt count is low).
> For slow and/or salted hashes, it is OK performance-wise (although you
> don't achieve any speed increase in this way).
> Usually, --stdin and --pipe are used not to increase the speed (which
> they usually don't), but to provide a candidate passwords stream that
> would be impossible or more difficult to generate with JtR itself.  For
> example, when you already have a program that generates your desired
> candidate passwords, you may use it along with --stdin quicker than
> reimplement the same functionality in terms of JtR wordlist rules or
> external mode.
I've been trying new (well to me they are new) methods for cracking,
like using pipe (which works well in the latest jumbo on cygwin).
john-sse2.exe --stdout=11 -i=alpha -session=stdout | john-sse2.exe
pastebindorks.txt -format=raw-md5 -pipe -rules=cap_num -session=zero
-mem 500000000
I am using a rule from Korelogic, and I'm sure it's a bit wasteful, as
incremental will probably be capitalizing letters here an there, but
so far it's been very effective. The rule is as follows (don't recall
the original name)
-[c:] <* >1 \p[c:] $[0-9]
-[c:] <* >1 \p[c:] ^[0-9]
-[c:] <- >1 \p[c:] Az"[0-9][0-9]"
-[c:] <- >1 \p[c:] A0"[0-9][0-9]"
-[c:] >1 \p[c:] Az"[0-9][0-9][0-9]" <+
-[c:] >1 \p[c:] Az"[0-9][0-9][0-9][0-9]
I'm probably not using -mem correctly, I have been increasing the -mem
option, each time I do (now at -mem 500000000) I get more and more
results. I'm wondering what the optimum way to use incremental=alpha
(append) digits (or digits (prefix) alpha) is. I have a lot of ram, so
I could keep up'ing that as well.
I've created a number of "dumbforce" and "knownforce" alterations, but
nothing works better than good ol incremental :) For me wordlist's +
mangling is #1 (maybe tied with single crack), but incremental with
mangling seems to be very good for my current task. I'm going to cut
the rules above down to [c:] $[0-9] *or* [c:] Az"[0-9][0-9]" for
example to see if it will speed anything along.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.