Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 19 Nov 2012 19:14:18 +0100
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

On 11/19/2012 04:59 PM, Richard Miles wrote:
>> > In most cases, you don't know how the passwords you want to crack will
>> > look like.
>> > In this case, the rockyou list probably is a safe bet.
>> > Please note that it might not be if password policy enforces passwords
>> > which are way more complicated than the average rockyou password.
>> >
> And what do you recommend as a dictionary to generate a stats file for
> companies using password policy enforcement?

This will usually not work too well. This is not a silver bullet ...

You need a different model in order to account for this kind of
passwords. Mangling rules are probably more effective here ...

These days I do not have a good source of "real corporate passwords", I
only work on the public leaks, so I really can't answer this ...

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.