Date: Fri, 11 Nov 2016 20:15:19 +0100 From: Patrick Proniewski <patpro@...pro.net> To: john-users@...ts.openwall.com Subject: Re: alter default rules or filter, best way to focus on proper candidates? On 11 nov. 2016, at 19:30, Solar Designer wrote: >> the performance gain or loss is very hard to guess before hand, as it depends on the match between used rules and real passwords in the dump? > > Yes, but I primarily meant that you can rarely be sure that the candidate > passwords you'd be filtering out would not crack anything at all. This > question arises when performing security audits, rather than when doing > hobbyist cracking of public dumps as you seem to. I'm doing both, but the hobbyist part accounts for 99.9% of my time with JtR. While auditing passwords at work, I use what I've learned during this hobby but in a very focused way as I've already a good knowledge of what my users are doing. >> thanks. Would it be interesting to use "i != 10" inside Filter_LowerNum > > I guess you mean inside the modified Policy mode. yes, that would be replacing "--external=Filter_LowerNum --max-length=10" with a custom Policy mode >> instead of '--max-length=10' at command line? > > Yes, you can try doing it either way, but I expect the builtin > "--max-length=10" feature to be faster than the external mode's check. ok, thanks. patpro
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.