Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 20 Dec 2005 21:21:21 +0100
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: RE: john improvement suggestions

Radim Horak wrote:
>Is it possible to disable log to avoid very large log files
>(with certain rules)?

A command line option (or an additional [config.name] section
in john.conf and a command line option to choose
a particular config) would be nice.
I would, however, be interested to know which rule
cracked a password.
(For algorithms with MAX_KEYS_PER_CRYPT > 1, sometimes
the new rule/incremental mode entry gets logged before
all the previously generated passwords have been tried,
even if the old rule/incremental mode entry generated
the right password.)

>I'd like to see some way to increase the benchmarking time to
>get more coherent/stable/exact figures.

Another config option;)

>Optimize regexp expansion order [a-z] according to some
>general/usage statistics.

This will be hard to do, since usage statistics depend at least on
-language preferences
-password rules

You can optimize manually, e.g. by specifying [enftisala-z] instead
of [a-z].

>- When there are psw. hashes cracked in session, does john skip cracking 
>them
>immediatelly? Or is there a session reload needed?

Additional question: is it possible to send a signal to other
currently running john instances, to let them re-read john.pot?

>- I use adhoc "wordlist" rules a lot, could there be some kind of this
>functionality: -rules:wordlist_set_1 for selecting wordlist rules??

You are not the first one asking for such a feature, see
http://permalink.gmane.org/gmane.comp.security.openwall.john.user/22
and
http://permalink.gmane.org/gmane.comp.security.openwall.john.user/23
(I wasn't the first one, either)

>Another good thing to do would be to re-feed the cracked
>passwords with the single-mode rules.

Some single-mode rules are invalid when applied to a password list.
I would like to decide which ruleset to try for cracked passwords.
You can easily do it manually/semi-automatically.

Hopefully, additional features will not impact John's cracking speed.


Regards, Frank


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ