Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Feb 2013 08:16:45 -0500
From: Rich Rumble <>
Subject: Re: generating passwords candidates longer than 8
 characters using incremental attack

On Tue, Feb 5, 2013 at 4:40 AM, JohnyKrekan <> wrote:
> Hello, after a successfull test with 8 characters password I tried to generate longer passwords by setting the incremental section in john.ini where
Incremental mode will only create max 8 length passwords by default.
You have to compile John with one tweak to allow for longer passwords,
and then you have to generate the .CHR files for it to use with those
longer settings.
> Why this configuration is not working?
> what should I do to derivate those longer password candidates using incremental attack?
Again the .chr files are where john derives it's incremental
candidates, and you have to create your own once you've modified the
params.h file

#define CHARSET_LENGTH			8

Change that to 10, or 12 etc...(whatever number you want up to a point)
Then you can create your own charset files.
In order to generate the chr files you need a large pot file...
To generate a decent pot file for john to use when creating these
charset's try (if on windows find use cygwin)

cat rockyou.txt | sed 's/^/:/' > custom.pot

You can use some pre-defined or custom word filters when generating
the charset file to have John consider some simpler passwords only:
	john --pot=custom.pot --make-charset=my_alpha.chr
--external=filter_alpha mypasswd.chr

If your "pot file" got large enough (or if you don't have any charset
files at all), you might want to use it to generate a new set of main
charset files:

	john --pot=custom.pot --make-charset=all.chr
	john --pot=custom.pot --make-charset=alnum.chr --external=filter_alnum
	john --pot=custom.pot --make-charset=alpha.chr --external=filter_alpha
	john --pot=custom.pot --make-charset=digits.chr --external=filter_digits
	john --pot=custom.pot --make-charset=lanman.chr --external=filter_lanman

Those commands are specifying the pot file to use, john will default
to john.pot if you do not specify another. You can find rockyou.txt
and other good wordlists all over the internet have a look here for a
bunch of links: Note that the
commands above will overwrite the existing all, alnum, alpha, digits,
and lanman.chr files.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.