Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Nov 2012 09:59:24 -0600
From: Richard Miles <richard.k.miles@...glemail.com>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

Hi Frank,

Thanks for your answer, very appreciated.

On Sat, Nov 17, 2012 at 9:09 PM, Frank Dittrich
<frank_dittrich@...mail.com>wrote:

> On 11/17/2012 05:23 PM, Simon Marechal wrote:
> > On 11/16/2012 10:16 PM, Richard Miles wrote:
> >> 1) Is there a command-line parameter to replace the default path of
> >> $JOHN/markov.stats?
> >
> > I have not been following what's in jumbo for a while but I suppose
> > there is a way in the config file.
>
> Yes, there is.
>
> Reading the "BASIC USAGE" and "CONFIGURATION OPTIONS" chapters in the
> doc/MARKOV file should help.
> If not, please clarify what is missing.
>

Sorry, I think I was not very clear on my this e-mail. Please, see my
previous e-mails where I explain it in details.


>
>
> >> 3) What is the proper kind of wordlist that I should use to generate a
> >> stats file? A default one such as passwords.lst? Rockyou leak? PHPbb
> leak?
> >> All of them together?
> >
> > The proper wordlist is the one that looks like the passwords you want to
> > attack. If this is a public leak, rockyou is your best choice. If this
> > is something else, you will have to find something else ;)
>
> In most cases, you don't know how the passwords you want to crack will
> look like.
> In this case, the rockyou list probably is a safe bet.
> Please note that it might not be if password policy enforces passwords
> which are way more complicated than the average rockyou password.
>

And what do you recommend as a dictionary to generate a stats file for
companies using password policy enforcement?


>
> Frank
>

Thanks.

Best regards.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.