Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 24 Jan 2024 15:09:04 +0100
From: Albert Veli <>
Subject: Re: DES passwords not cracked within hours

You are trying about 16 million passwords per second. Old Unix descrypt can
hold max 8 characters. Even if it is only lowercase a-z it will be 26**8 //
16000000 seconds which is about 217 minutes. But if you mix in uppercase it
will take much longer. It will be 52**8 password candidates which will take
about 928 hours on your computer. Mixing in special characters and digits
increases the time even more.

The default wordlist password.lst have about 1.8 million lines and the
default rules Single and Wordlist have about 1000 and 2800 rules so they
are done within minutes. But incremental ASCII ... that can take a very
long time, as I explained in the first paragraph. It is because of the
large number of combinations. If you know something about the password you
can narrow it down. If you for instance know the length or if you know what
types of characters are in the password. Are there digits? Are there
special characters?

On Wed, Jan 24, 2024 at 2:29 PM Matthias Apitz <> wrote:

> Hello,
> I've used 'john' already in October 2022 to crack con success on DES
> crypted passwords on SuSE Linux...
> Now I have another use case and using the same installation 'john' is
> unwilling to crack a single line password file in hours:
> $ cat /tmp/passwd.des
> john:aAxxxxxxxxxxx
> $ cd ~/guru/john-1.9.0-jumbo-1/run
> $ ./john /tmp/passwd.des
> Using default input encoding: UTF-8
> Loaded 1 password hash (descrypt, traditional crypt(3) [DES 256/256 AVX2])
> Will run 4 OpenMP threads
> Proceeding with single, rules:Single
> Press 'q' or Ctrl-C to abort, almost any other key for status
> Almost done: Processing the remaining buffered candidate passwords, if any.
> Warning: Only 783 candidates buffered for the current salt, minimum 1024
> needed for performance.
> Proceeding with wordlist:./password.lst, rules:Wordlist
> Proceeding with incremental:ASCII
> Warning: MaxLen = 13 is too large for the current hash type, reduced to 8
> (pressed any key after minutes)
> 0g 0:00:04:51 0,00% 3/3 (ETA: 2036-12-10 21:44) 0g/s 16495Kp/s 16495Kc/s
> 16495KC/s kbgiega..kbg2hat
> 0g 0:00:07:32 0,00% 3/3 (ETA: 2036-09-20 05:23) 0g/s 16787Kp/s 16787Kc/s
> 16787KC/s c6ctbe..c6c9fz
> What I do wrong?
> Thanks
>         matthias
> --
> Matthias Apitz, ✉,
> +49-176-38902045
> Public GnuPG key:
> I am not at war with Russia.  Я не воюю с Россией.
> Ich bin nicht im Krieg mit Russland.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.