Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 25 Jan 2024 09:20:57 -0500
From: Stephen John Smoogen <>
Subject: Re: DES passwords not cracked within hours

On Thu, 25 Jan 2024 at 09:13, Matthias Apitz <> wrote:

> El día miércoles, enero 24, 2024 a las 04:55:16 +0100, Solar Designer
> escribió:
> > On Wed, Jan 24, 2024 at 02:14:16PM +0100, Matthias Apitz wrote:
> > > Now I have another use case and using the same installation 'john' is
> > > unwilling to crack a single line password file in hours:
> >
> > This happens.  Not every password is easily crackable.
> >
> > > What I do wrong?
> >
> > Not exactly wrong, but there are a few things you can do to improve your
> > chances and speed this up:
> >
> Thanks for your comments and hints.
> As I said, I used the same installation tree as in October 2022. At this
> time I could crack a password in ~20 minutes as the files proof:
> ~/guru/john-1.9.0-jumbo-1/run> ls -ltr --full-time john.pot /tmp/pins.des
> -rw-r--r-- 1 sisis sisis 104 2022-10-13 13:25:49.403363915 +0200
> /tmp/pins.des
> -rw------- 1 sisis sisis  21 2022-10-13 13:44:58.261868507 +0200 john.pot
> ~/guru/john-1.9.0-jumbo-1/run> cat john.pot
> aAwfYXwckrtz6:010473
> The actual DES hash has the same length and the clear PIN only consists
> of 6 chars: one small letter, 4 digits and the #-symbol. And it's still
> running and after ~17 hours w/o any result.
So if this was done on the same hardware, it just means that those earlier
passwords were closer to ones that various John incremental is built from
and this one isn't. Incremental is going to run up and down the various
guess lengths of most common password patterns which may not be close to
what your password has in it. [aka 8 letters and 7 letters combinations
will be be tested as long as 6 letter combinations in order to cover the
space.] If you know the pattern is
'[a-z0-9#][a-z0-9#][a-z0-9#][a-z0-9#][a-z0-9#][a-z0-9#]' then you can use
that and get a faster fix. If you know the exact pattern is
'[a-z][0-9][0-9][0-9][0-9][0-9][!@...^&*]' or something like that, you can
search that space with a specific rule or possibly command line argument.

>         matthias
> --
> Matthias Apitz, ✉,
> +49-176-38902045
> Public GnuPG key:
> I am not at war with Russia.  Я не воюю с Россией.
> Ich bin nicht im Krieg mit Russland.

Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard battle.
-- Ian MacClaren

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.