Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 10 Jan 2009 21:25:27 -0600
From: Steve Bergman <>
Subject: Re: Clarification desired on modifying incremental
 mode to handle 9 chars

Thank you very much for those clarifications. (And also for your
response to my previous query.) Yes, my plan was to use any new .chr
file only for the core running length 9 checks.

The exercise I have set for myself is this:

I have a single md5 hash (obviously, with a single salt) in a shadow
file on an old machine I don't use anymore. I set this password myself,
and haven't the foggiest idea what I set it to so long ago. (Yes, I
could just edit the passwd file if I really cared. But this is for
educational amusement and as a vehicle for learning more about john. I
like having a concrete application.)

On my Q6600, what I have done is followed your recommendations from
various threads and assigned length 8 to one core, length 7 to another,
length 6 to another, and 0-5 to the remaining core.  (BTW, looking over
the progress in the logs, I'm pretty satisfied as to that distribution
of work.) This is using the default 95 char range, since I think this
might be a reasonably good password. In 15 hours, if I am reading the
logs correctly, it has polished off all the length 1, 2, 3, and 4
checks, as each of those has gotten to "character count 95".  (Length 5
is at 58, length 6 is at 31, 7 at 19, 8 at 13.)

Indeed, the 8 character search space is already mind-boggling. And 9
would be 95 times that. I'm hoping that john's "work smarter, not
harder" strategy might come though. If it doesn't, that's OK, too. It is
nagging me that I may very well have set a nine character password.  And
I don't think I would have set one to less that 6 chars. So at some
point, I may move the 0-5 length session to a slower machine and try out
9 length for a while on the freed up Q6600 core. But I understand what
you are saying about it being suboptimal use of the core.  The mind does
not deal with scale well, and "95 * unthinkably_huge" doesn't seem that
much larger than just "unthinkably huge". But human psychology keeps
saying "try it, anyway". ;-)

My best guess, however, is that the password might be exactly 8
characters, with a single numeral or special character, possibly at the
end, as I think I was tending to do that back then. 

I'll have a look at that wiki link.


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ