Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 12 Nov 2012 14:54:16 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

On Mon, Nov 12, 2012 at 2:20 PM, Richard Miles
<richard.k.miles@...glemail.com> wrote:
> Hi all
>
> I see that default incremental option is not a sequential brute force. Can
> someone please give me details about how it works and how password
> candidates are generated and selected?
Read the MODES documentation: http://www.openwall.com/john/doc/MODES.shtml
Basically JtR is trying more likely candidates based on a certain
dataset using Tri-graph frequencies (or some such:). You can "train"
your chr files to suit the hashes you're cracking and possibly get
even better results... If your auditing a company and a product or
brand name appears in peoples passwords, creating a custom chr file
may be a good idea, as those letters/characters are showing up for
frequently and might get hashes to fall faster in that instance. If
you then used that same custom chr file against another list from a
different source, your results will probably very poor. Incremental
mode is limited to 8 character places, but can be made longer.
http://www.openwall.com/john/doc/EXAMPLES.shtml (custom chr)
More Info http://www.openwall.com/lists/john-users/2009/02/20/3

> Also, I see that OCL hashcat has a similar feature which also give us good
> results. Is there any kind of comparison between the two modes used? Which
> one is more effective? Or downside and upsides for jTr and OCL hashcat?
Maybe this Reddit article addresses some of that, I dunno.

   With JtR's incremental mode, every character is determined by
{length, position, previous two characters}.
The above is from
http://www.reddit.com/r/crypto/comments/yuqyi/john_the_ripper_vs_oclhashcatlite#id-t2_4r8q1

-rich

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.