Date: Wed, 29 May 2013 01:07:31 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: How to limit the number of guesses?

On Tue, May 28, 2013 at 10:44:11PM +0200, magnum wrote:
> On 28 May, 2013, at 21:59 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> > The first mode in a default run is single mode.
> > How does AutoStatus count the number of candidates if this number
> > 1. depends on user name and other information that is used to generate
> > candidates
> 
> Basically, each word is counted once. If the same word/username is applicable to another user with *same* salt, it will not be hashed nor counted again. If the same word/username is applicable to another user with a *different* salt, it will be used - and counted - again in Single mode. In terms of AutoStatus this is the same situation as a dupe word in a wordlist. It will be counted again.

It's trickier than that: candidate passwords to be tested against hashes
with a certain salt may come from user-specific info for hashes with
that salt (with some non-perfect dupe suppression), or they may come
from successful guesses for any salt.  The JtR builtin candidates counter
used for the reported p/s rate in the upcoming JtR 1.8 release uses a
certain tricky algorithm to count single crack mode's candidate
passwords in a certain reasonable fashion (although there's no one right
way to count them).  AutoStatus does not implement anything like that.
I certainly never intended the Auto* modes to be used with single crack
mode, and I recommend that they not be used with single crack mode.

Alexander
