Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 Feb 2012 19:26:07 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: stacking rules and external filters on top of other modes (was: --external=Keyboard mode [was: john-users])

On Mon, Feb 13, 2012 at 12:32:27AM +0100, magnum wrote:
> On 02/11/2012 02:18 PM, Solar Designer wrote:
> > On Sat, Feb 11, 2012 at 12:03:21PM +0100, madfran@...-ezine.org wrote:
> >> Are you sure that also capital letters are used in this cracking mode?
> > 
> > Capital letters are not included in this mode by default.  You'd need to
> > adjust it if you want to include capital letters.
> 
> I was going to add that you can use --ext=keyboard and --rules=NT
> together but I realised you can't (unless piping to another instance of
> john). Is this something you could change? Maybe it becomes tricky in
> some cases?

I think we can add support for wordlist rules on top of external modes
fairly easily, but:

I think that in the long run we need to add generic support for stacking
of multiple cracking modes together - including e.g. multiple rulesets
at once (I hear that hashcat got such feature recently), rules on top of
anything (not just on top of external modes, but also on top of e.g.
incremental mode and Markov mode), ... and we already have external
filter() on top of everything, but just one filter at a time - whereas
we need to allow multiple filters at once.

My initial idea was to make the batch mode configurable.  Currently,
it is just single crack (pass 1) followed by wordlist with rules (pass
2) and followed by incremental mode (pass 3).  We may instead have a
john.conf section that would define arbitrary batch modes, including
those involving parallel application of multiple rulesets or/and
external filters.

However, we can in fact add support for requesting this from the
command-line as well (I think this is what hashcat did).

Maybe we need to support both parallel and sequential application of
multiple rulesets/filters.  In both batch mode and command-line, it
makes sense to be able to specify either thing (in different cases).
I am not sure about the syntax to distinguish the two, though.  Should
simple "--rules=a --rules=b" invoke the two rulesets in parallel (so
e.g. if the rulesets have 3 rules each, that will be an equivalent of 9
rules total) or sequentially (6 rules total for the same example)?  And
how do we specify the other thing?  Ditto for combinations of rules and
external filters (sequential vs. parallel).  Any suggestions?

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ