Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Mar 2012 22:53:49 +0100
From: Claudio Broglia <xeon@...root.eu>
To: john-dev@...ts.openwall.com
Subject: Re: Adding a new format

Hi,
a bit sluggish but I'm still working on this. I've developed a working
plugin for john for the hash format I'm poking with, when it will be
completed I'll release it.

For now, I'm trying to improve it taking advantage of the issues it has,
that I mentioned before. In particular:
- it supports only uppercase passwords
So far, I toupper()-ize every key given by john, which is working just fine.
To improve incremental mode speed, I was thinking of building a
dedicated charset. So, I read the posts linked in the wiki, which advise
to generate a fake john.pot and generate a new charset from it,
filtering out unwanted chars using external mode. I was going to do
this, but then I thought: what if, in the, say, 100000 passwords in the
fake john.pot I generate with john --incremental=all --stdout, some char
is missing? I mean, I want in my charset all the possible chars, just
excluding the lowercase ones.
To improve wordlist mode speed, the external mode filter is the best way?

- I know in advance password length (!)
Because password's length is used as one of the salt parameters (yes,
it's true. no, I didn't design this format.) I know it in advance. What
would be a smart way to take advantage of this?

And if I can borrow some more counsel...
- I've understood correctly the meaning of CHARSET_LENGTH in params.h?
Being set to 8 by default, john will not generate password longer than
that without modifying john sources and, after, rebuilding the charset?

Thanks in advance!
Claudio


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ