Posts: 2
Threads: 2
Joined: Nov 2011
Is there an option to force all passwords outside the acceptable range to be truncated instead of rejected? For example if the password range is 1-8 and the word is 'superman' when i use a rule such as: c^0 will it immediately reject the word because the result will be too long, or will it first capitalize the word, then prepend 0 and then determine it's too long? Because it refuses to test the result as 0Superma (which John will do)
obviously if i appended something to a word that was already maximum length or longer and it truncated the word and tested it anyhow, it would be testing the exact same word over and over, but in the case of prepending or some other rules such as reversing the full length of the word then truncating it may be beneficial.
Posts: 5,185
Threads: 230
Joined: Apr 2010
12-01-2011, 11:25 AM
(This post was last modified: 12-01-2011, 11:27 AM by atom.)
(11-30-2011, 09:11 PM)PHloGiSTo Wrote: Is there an option to force all passwords outside the acceptable range to be truncated instead of rejected? For example if the password range is 1-8 and the word is 'superman' when i use a rule such as: c^0 will it immediately reject the word because the result will be too long, or will it first capitalize the word, then prepend 0 and then determine it's too long?
if we are talking about slow algorithms (see wiki), the rule engine is cloned from hashcat (CPU version). it will determine it is to long in case it exceeds 64 chars, regardless of the algorithm. it will continue to apply all the rule functions. only the resulting wordlength is tested against the limitations for rejection.
(11-30-2011, 09:11 PM)PHloGiSTo Wrote: Because it refuses to test the result as 0Superma (which John will do)
are you sure about that? i had a talk to a jtr dev, bartavelle, who told me in this case jtr will not truncate, it will reject.
(11-30-2011, 09:11 PM)PHloGiSTo Wrote: obviously if i appended something to a word that was already maximum length or longer and it truncated the word and tested it anyhow, it would be testing the exact same word over and over, but in the case of prepending or some other rules such as reversing the full length of the word then truncating it may be beneficial.
well, this is a philosophical question. and it differs from CPU based rule engine to GPU based rule engine. in GPU based rule engine, there is no rule-depending reject. also, i tend to prefer reject in this case (on cpu) since you can add something like '8 to your rules which will truncate it to length 8. sure, it possible vice versa using a condition rule, but only on CPU - not on GPU.
