Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Apr 2013 02:42:39 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: revised incremental mode and charset files

On 28 Apr, 2013, at 2:14 , Solar Designer <solar@...nwall.com> wrote:
> On Sun, Apr 28, 2013 at 01:27:22AM +0200, magnum wrote:
>> Seriously though, we could add one to bleeding. We'll end up with a lot of things on the menu but maybe that is just a good thing. What do you (all) say?

Just for clarity I had the idea that the alnum-case thingy would probably be a Jumbo-only alternative.

> I have some thoughts on the matter, but I have no time for a discussion
> right now.  One of the aspects I am going to consider is download size
> of the tarball that will include at least some of the .chr files for
> which we provide john.conf sections.  For example, for all.chr or maybe
> ascii.chr (hey, I independently thought of this name!), I may apply a
> filter() which limits the length to 15 and charset to the 95 ASCII chars.

I'm not going to argue desperately against that but it has the downside that "upgraded" files will not be compatible (actually I'm not 100% sure: Will they?). I did think we could/should have a default MaxLen of lower than 24 but I'm not sure it's a good idea to limit the actual charset files. In Jumbo, we can over-ride MaxLen (in john-conf) with --max-len (command-line option). It's a pity you don't have that in core.

> The resulting file (from RockYou) is 6 MB.  Without the limits, and with
> the compile-time CHARSET_LENGTH of 24, it is 9 MB.  Those extra 3 MB are
> mostly useless data.

I agree with that last sentence though.

>  For digits.chr, though, I am going to leave it
> without stricter length limits, so it'll go up to length 24.

But will you use MaxLen=24 in john.conf? Maybe you should, I am not sure. I think defaulting to 8 would be better if you could over-ride it.

> Another option is to provide a separate tarball with .chr files - all of
> them? or just extras?  I think a basic set of RockYou-based charset
> files may be about 10 MB compressed, but a full set about 40 MB or more.

Welcome to 2013. a 50 MB john-core tarball is tiny!

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ