Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANqqEddwBGgaw5RnXgk=FrOuieudU5OiJddgPr+TvCwgw7DWYQ@mail.gmail.com>
Date: Sat, 3 Dec 2011 13:12:20 +0200
From: Caesarmv <caesarmv@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: AMD X6 multicore issue

>
> > I'm trying to get 9 character pass (SHA512).
> What are you doing this for?  (Your answer may affect what I'd recommend.)
>

I'm testing one of my passwords (9 chars only).
It contains:
1) letters (no any existent words used)
2) digits
3) symbols

For example: ewf%ll1!1

So it can't be cracked with words list. I'm interesting to know how much
time  it needs  to crack it.


> I'm using 1.7.9 with openMP and default settings.
> > Command line: ./john pass.txt
>
> For a slow hash type like this, you won't get very far with incremental
> mode, so you may want to focus on trying various password lists,
> including with word mangling rules.  You've already tried the included
> password.lst with the default set of rules.  You can add to that by also
> trying "-w=password.lst --rules=single" (use a larger ruleset) and/or
> larger leaked password lists such as those found at:
>
> http://www.skullsecurity.org/wiki/index.php/Passwords
> http://dazzlepod.com/disclosure/
>
> You need to start with smaller ones of these lists, sorted for
> decreasing number of occurrences of each entry.  On the other hand, even
> going over the entire RockYou list, which is about 14 million unique
> entries (IIRC), will only take you a few hours (since you only have 2
> salts to compute hashes against, IIRC).
>
> You can also try all.lst from:
>
> http://download.openwall.net/pub/wordlists/
>
> Since you're dealing with slow hashes, you may want to eliminate any
> duplicate candidate passwords (resulting from application of rules) with
> this approach given in doc/EXAMPLES:
>
> ./john -w=password.lst --rules=single --stdout | ./unique mangled.lst
> ./john -w=mangled.lst pass.txt
>
> (and ditto for other source wordlists).
>
> > How much time it can take to decrypt such password?
>
> It depends.  The password might be cracked instantly or it could take
> forever, or it could be anything inbetween.  The latter is most likely.
> See also "Q: How long should I expect John to run?" in doc/FAQ.
>
> > Are there any restrictions for pass length or I can decrypt pass with any
> > length with default john settings?
>
> Incremental mode is limited to lengths up to 8 by default.  Other
> cracking modes are not limited in length (for practical purposes).
>
> This means that when you're running in incremental mode, which you are
> (pass "3" is it), you definitely won't get your length 9 password
> cracked - unless you customize the CHARSET_* settings in params.h,
> re-compile, generate a new .chr file, and use that.  My advice, though,
> is that you focus on wordlist mode with rules instead.  You're very
> unlikely to crack a length 9 password against a slow hash like this with
> incremental mode even if you customize the settings.
>
> Alexander
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.