Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 4 May 2016 10:12:37 -0500
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: PBKDF2-SHA1 3DES/AES

On 5/4/2016 5:31 AM, Doc Case wrote:
> Thank you very much.
>
> I'll do it today. Again, I'm learning, but it is quite clear that a brute force attack will be very time consuming.
>
On very slow hashes like this, tools such as the unique process for john (in ./run/unique)
will be your friend.  There are a couple of keys to speeding things up a bit.

1. ONLY try good words. Brute force is usually not good unless you have LOTS of time.
2. NEVER try the same word more than once.

So to handle #2, you always want to prepare your word lists. Then run them through the
unique program, and use the -ex_file=xxx switch, to strip out ALL words from all of your
prior runs before doing the next one. Unique will make sure that the words you are sending
are unique, and then when used with the -ex_file switch, it will ALSO remove words that are
found in that other file. Then you simply keep growing that file as you run new words, and
before running anything new, you build the input file, and unique it (also against all prior
words), then add what is left to the prior words list, and run that list of what was 'left'.
Things like running rules, simply use john and the --stdout switch to run the input words
through the rules you want redirecting to a file. Then unique that file (with above steps),
and ONLY then, run the words that are left.  It is a lot more hand work, but it can speed
things up, and I have seen it speed up to 10x better, due to not every re-running a word
already checked.

Just my 2 cents worth of help here.  Good luck. Finding a targetted password, and especially
for a slow hash is HARD.

-- 
Community volunteer for John the Ripper project.



---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.