On Wed, Jan 16, 2002 at 06:47:54PM +0100, martin f krafft wrote: > my problem is that the cronjob apparently runs for 1 second. no wait, i > just did it by hand (just like what cron does), and that's 1 minute, 55 > seconds. and it does find the easy passwords! > > however, and this leads me to another problem. in its default > configuration, john is configured with a wordlist in john.ini (who the > heck named that .ini), it has shells to ignore configured in > /etc/john-mail.conf, but *never* uses any of that information. Er... The patch that introduced the cronjob is mine -- I'll take another look at it. If the behavior during the cronjob is "only use GECOS information", then that's not really what I initially intended (I should have checked it better). BTW, now that you said, it would be nice if wordlists could be configured in a conffile too. > in fact, in it's default config, all it does is check the passwords with > GECOS information. that's definitely necessary, but pretty useless by > itself!!! it should really do wordlist matching *and* brute force > incremental afterwards.
I agree on the wordlist checking, but I am not sure about brute force... Anyway -- maybe all this can be turned into configurable options -- I'll think of something and talk to the Christian (the maintainer) later. J. --
