Date: Sun, 22 May 2005 22:16:46 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Feature request regarding --rules option

Hi,

I think it could be a useful feature if the --rules option would
accept an optional qualifier: --rules[=RULESET]

If not specified, the default rule set should be Wordlist when
the --rules option is used together with --wordlist[=FILE]
or --stdin.
It should be Single if used together with the --single option
(independent of whether or not --rules is specified together with
the --single option).
Or, just don't allow different rule sets for single mode.
I think it's more helpful for word lists.

With this addition, you don't need to edit john.conf, if you want
to apply a different set of rules.
Instead, you could maintain different rule sets and decide which rule
set to try in which sequence, for which word list(s), or for which
passwd file or --salts option.

Reasons to have different rule sets:

It does make sense to try more rules on small word lists
(e.g. names) or with --salts=20 first, check which rules cracked
most passwords, and apply these rules to larger word lists or for
the other salts.

For passwords cracked using the incremental mode, you could check
whether it makes sense to define new rules to crack other passwords
which might have been built using the same mangling rule.

For systems with different password policies, you could adjust the
sequence of rules accordingly.
E.g., if the users are required to change their password every
month, you'll frequently find password "schemes" like
secret01, secret02, ...
If you know the password has to be mixed case and contain at least
one special character, you can use this knowledge to adjust the
sequence of rules...

Another reason might be the recently discussed LANMAN and NT hash
issue.


One workaround is to use different directories and adjust the
[List.Rules:Wordlist] section of john.conf accordingly.
But then you'd have to synchronize the john.pot files.

The other workaround is to edit the john.conf file and rename a
section to [List.Rules:Wordlist] after renaming the old
[List.Rules:Wordlist] section.
But this is error-prone if you have several instances of john
running at the same time.
If you have to restart your machine, you have to make sure to
restore the [List.Rules:Wordlist] section correctly before you
can resume cracking, otherwise the corresponding .rec file is toast.

Keeping Wordlist and Single as the defaults will ensure you can still
use your old .rec files after upgrading JtR to a newer version.

What do you think? Is this addition useful?
It should be fairly easy to implement.


Regards
Frank Dittrich
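
Added example, not part of the original post and not John the Ripper code: a sketch of the second workaround that writes the renamed sections to a new config text instead of editing john.conf in place, and fingerprints the active [List.Rules:Wordlist] section so a mismatch can be detected before resuming a .rec file. The function names, the "Monthly" section, the "Wordlist.saved" name and the sample config are assumptions made for illustration.

```python
import hashlib
import re

# Header of a rule-list section, e.g. [List.Rules:Wordlist]
HEADER = re.compile(r"^\[List\.Rules:([^\]]+)\]\s*$", re.IGNORECASE)

# Constructed sample config; "Monthly" is a hypothetical extra rule set.
SAMPLE_CONF = """\
[Options]
Wordlist = password.lst

[List.Rules:Wordlist]
:
l

# constructed rule set for a monthly-rotation policy
[List.Rules:Monthly]
$0$1
$0$2
"""

def split_rule_sections(conf_text):
    """Return {lowercased section name: [rule lines]} for each [List.Rules:*]."""
    sections, current = {}, None
    for line in conf_text.splitlines():
        s = line.strip()
        m = HEADER.match(s)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif s.startswith("["):   # assumption: any other "[" line opens a non-rule section
            current = None
        elif current is not None and s and s[0] not in "#;":
            current.append(s)
    return sections

def ruleset_digest(conf_text, name="Wordlist"):
    """SHA-256 over the ordered rule lines of one section (order is part of the hash)."""
    rules = split_rule_sections(conf_text)[name.lower()]
    return hashlib.sha256("\n".join(rules).encode()).hexdigest()

def promote(conf_text, name, saved="Wordlist.saved"):
    """Return new config text in which `name` is the Wordlist section."""
    if name.lower() not in split_rule_sections(conf_text):
        raise KeyError(name)
    if name.lower() == "wordlist":
        return conf_text
    out = []
    for line in conf_text.splitlines():
        m = HEADER.match(line.strip())
        if m and m.group(1).lower() == "wordlist":
            line = f"[List.Rules:{saved}]"        # keep the old default under a new name
        elif m and m.group(1).lower() == name.lower():
            line = "[List.Rules:Wordlist]"
        out.append(line)
    return "\n".join(out) + "\n"
```

Storing the digest next to each session when it starts and comparing it before a resume catches the case described above, where the wrong section is active after a restart.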

