Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Feb 2014 19:34:12 -0500
From: "Richard B. Tilley" <rbt@....us>
To: john-users@...ts.openwall.com
Subject: Re: need to find a way to crack passwords with 16 to 20
 length

On Wed, Feb 19, 2014 at 12:02:29AM +0200, B O wrote:
> Hi,
> 
> I'm totally new at this and no programmer. I need to find a way to crack  a
> password  hash between 16 -20 length. I know the first 6 and need a way to
> have jtr work the rest using the incremental mode.
> Charset includes upper and lower case alpha numeric.
> 
> If the known 6  are "Jtrjtr"
> 
> One way is to brute force all the combinations. Say starting with
> Jtrjtraaaaaaaaaaa to Jtrjtr0000000000000
> And a faster approach may be no 2 adjacent chars will be the same, as in
> Jtrjtrab........................ not Jtrjtraa.......................
> Jtrjtr1a........................ not Jtrjtr11......................
> 
> 
> I tried the wordlist approach but there are way too many combinations,
> wordlist file/files are huge, not enough space on my disks, crunch says
> several petabytes
> 
> Being new at this I really don't know if I'm asking for too much.
> Any help is appreciated.

You know the first 6 characters, that's good. Best case, maybe you knocked-off 38 bits certainly at least 12. 

It's the last 10 to 14 characters that may stop you. JtR will certainly help, but it's not magic password cracking dust from Heaven. Assume that the last characters are truly random and were randomly chosen by an RNG seeded with atmospheric noise or radioactive decay. That's probably about 6.4 bits per character. If that's the case, then you're looking at 64 to 89 bits. Good luck with that. In a reasonable period of time? It's not feasible.  

Perhaps you can lower the space. Maybe those 10 to 14 charcters are based on a common English word? Then it's more like 2 bits per character. Much more likely to crack. That's only 20 to 28 bits. Anyone can count that high. That's doable even on a computer that counts slow. 

It really just depends. There is no magic. It's all basic math. Time and space. JtR can help.

Brad

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.