Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 14:31:41 +0100
From: Patrick Proniewski <>
Subject: Re: content of passwd file and --single

On 18 déc. 2014, at 14:26, magnum wrote:

>>> #define issep \
>>>        "!\"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~\177"
>> Ok thanks! So basically I should be able to fill the GECOS field with many info grabbed from the LDIF file, just in case some user's passwd includes their phone number or staff ID.
> Yes. When attacking hashes from some DB dump that also includes eg. email addresses, full names and lots of other stuff, I use to stuff the gecos field with anything that can possibly make sense and in no particular order.
> If you put a lot of stuff there though, there is a limit in how many of them will be combined for creating "word pairs". Every word will be tried, but not every combination of pairs. In core Jumbo this limit is 4 and hard-coded in params.h. In bleeding-jumbo the limit is bumped to 6 and you can even change it in john.conf.
> This thread might explain it better:

Thank you for these info!


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.