Re: john is weird!

[Jeronimo Pellegrini <pellegrini@mpcnet.com.br>]

On Wed, Jan 16, 2002 at 06:47:54PM +0100, martin f krafft wrote:
> my problem is that the cronjob apparently runs for 1 second. no wait, i
> just did it by hand (just like what cron does), and that's 1 minute, 55
> seconds. and it does find the easy passwords!
> 
> however, and this leads me to another problem. in its default
> configuration, john is configured with a wordlist in john.ini (who the
> heck named that .ini), it has shells to ignore configured in
> /etc/john-mail.conf, but *never* uses any of that information.
 
Er... The patch that introduced the cronjob is mine -- I'll take another
look at it. If the behavior during the cronjob is "only use GECOS
information", then that's not really what I initially intended (I should
have checked it better).
BTW, now that you said, it would be nice if wordlists could be configured
in a conffile too.
 
> in fact, in it's default config, all it does is check the passwords with
> GECOS information. that's definitely necessary, but pretty useless by
> itself!!! it should really do wordlist matching *and* brute force
> incremental afterwards.

I agree on the wordlist checking, but I am not sure about brute force...
Anyway -- maybe all this can be turned into configurable options -- I'll think
of something and talk to the Christian (the maintainer) later.

J.

--