Date: Mon, 13 Jun 2005 19:04:05 -1000 (HST) From: newsham@...a.net (Tim Newsham) To: solar@...nwall.com (Solar Designer) Cc: john-users@...ts.openwall.com, newsham@...a.net Subject: Re: Cracking japanese passwords? > Sorry for the delayed response. I am handling these in batches, as > you can see. ;-) Sorry for the late reply to your reply -- just noticed a ton of mail got missorted and had to manually go back over them... > It's nice to see you post here. It'd be even better if you also were > subscribed; it's not hard for me to copy you on this response knowing > that you are not on the list, but others wouldn't know. I dont mind, I'm following the list archives on the web.. > Alternatively, if you don't mind messing with John source code, you > could implement a whole new cracking mode for Japanese passwords. > You can check out external.c: do_external_crack() and wordlist.c: > do_wordlist_crack() (and other functions in those source files) for > a couple of examples. Hmm.. I'll look into this... > But it'd be easiest to implement your idea with an external script, > such as in Perl. You'd feed the output of such a script into > "john --stdin ..." (if you do not require crash recovery) or you'd > save it in a file and use that as a wordlist. For the numbers you've > provided above, the file size would be around 1 GB. I was doing this in python so far. I wasnt aware of the stdin option (I'm fairly new to John), so I spit it out to a file, but it was somewhat of a pain due to the slowness of python writing to disk and having to generate small subsets of the list at a time (I was in a small vmware at the time). --stdin would definitely have helped at the time :) Perhaps I should just write a small C generator and submit that. > Now, an idea you might not have considered: place all possible > Japanese-like passwords into a fake john.pot, then use that to > generate a japanese.chr. Then define a new "incremental" mode and use > that. The new mode won't be limited to trying the passwords that were > generated (although most of these will be tried earlier than others), > but it'd also catch misspellings. Hmm.. I'll have to look into the .pot files to understand what you're describing. Thanks for the lead. > Any possible implementation of this would be a welcome contribution. I'll let you know what I come up with. > Alexander Peslyak <solar at openwall.com> Tim N.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ