Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Jul 2012 20:39:04 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Some more external mode definitions

On 07/20/2012 08:06 PM, Solar Designer wrote:
> On Fri, Jul 20, 2012 at 07:27:00PM +0200, Frank Dittrich wrote:
>> The first patch creates new [List.External:Repeats_*] sections, similar
>> to [List.External:Repeats], but with a limited character set.
>> Repeats_digits: '0' - '9'
>> Repeats_lowercase: 'a' - 'z'
>> Repeats_printable_ASCII: ' ' - '~'
>> The common logic has been moved into [List.External_base:Repeats].
> 
> I don't mind, but I felt that Repeats was quick enough as it was, except
> maybe for very slow hashes/ciphers - but in those rare cases you'd
> probably want to reduce the length first / as well.

I just thought that printable characters are more likely, and it saves
more than 50% of the run time. I intended to use it for slow hashes.
The maximum length is not that much of a problem for me, because for
slow hashes, I intend to interrupt the session when the length has
reached the maximum supported length of the format (e.g., 27 for mscash2).
BTW: I should try to write a patch which makes the max. password length
(for the format, or specified using --stdout=LENGTH) available in
external modes.
Then, the external mode could stop if the length exceeds the max. length.

Without these new external modes, you could also use --stdout and grep
for the characters you want to include / exclude, and use a word list
file instead.
This would even have the advantage to use just the missing characters in
a repeated run, whereas with the external mode, you'd have to use all
the characters from ' ' to 0xff.

So may be it really isn't worth adding these external modes.

>> The second patch adds a simple Rot13 filter, [List.External:Filter_Rot13].
>> Words that don't contain any letters (and would remain unchanged after
>> applying rot13) are skipped (word = 0).
> 
> Please document this detail in a comment.

OK, new patch attached instead of the old one.
(For me it would be obvious to skip unchanged words which probably
should have been tried before trying mangled words.)

Frank

>From 2c6753ac4605578072ff1a00d447db5aa0853b63 Mon Sep 17 00:00:00 2001
From: Frank Dittrich <frank_dittrich@...mail.com>
Date: Fri, 20 Jul 2012 19:07:50 +0200
Subject: [PATCH] Add [List.External:Filter_Rot13]

---
 run/john.conf |   26 ++++++++++++++++++++++++++
 1 files changed, 26 insertions(+), 0 deletions(-)

diff --git a/run/john.conf b/run/john.conf
index d9e51c7..4157ce1 100644
--- a/run/john.conf
+++ b/run/john.conf
@@ -1543,6 +1543,32 @@ void filter()
 	word[i] = map2[(o & 0xfff) + (e >> 12)];
 }
 
+# Trivial Rot13 Example
+# Words which don't contain any letters (and thus wouldn't be changed
+# by Rot13) are skipped, because these unchanged words probably should
+# have been tried before trying a mangled version.
+[List.External:Filter_Rot13]
+void filter()
+{
+	int i, j, c;
+
+	j = 0;
+	i = 0;				// Convert to uppercase
+
+	while (c = word[i]) {
+		if ((c >= 'a' && c <= 'm') || c >= 'A' && c <= 'M' ) {
+			word[i] = c + 13;
+			j++;
+		} else if ((c >= 'n' && c <= 'z') || c >= 'N' && c <= 'Z' ) {
+			word[i] = c - 13;
+			j++;
+		}
+		i++;
+	}
+	if (j == 0)
+		word = 0;
+}
+
 # Trivial parallel processing example
 [List.External_base:Parallel]
 /*
-- 
1.7.7.6


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ