Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Wed, 4 Jan 2006 20:33:11 +0000 (UTC)
From:  Phantom <phantom_otw@...oo.com>
To: john-users@...ts.openwall.com
Subject:  Suggestion/requests and a few questions...

A couple of suggestions/request for future updates to JTR:

1) Add another character class command.
Similar to "s?CY - replace all characters of class C in the word with Y".

But instead replace all characters of one class with all characters of another
class.

If implemented, would this mean that all combinations are tried for each
replacement? 

(So if a word has more than one instance of the first class, all combinations
 of the second class would be tried for all instaces of the first one)

I wanted to replace vowels in words with symbols and signs, 
so I made this rule:
"<9>4/?vs?v[.,:;'\"?!`$%^&*()\-_+=|\\<>\[\]{}#@..."

However, I found that only 1 sign is replaced at a time - they are not mixed.
Would the above suggested addition solve this "issue"? 
And is it something you would consider implementing?


2) Possible expantion of the incremental function by building markov chains of
length 5
out of guessed password statistics based on john.pot,
and using these to generate the ("random") strings.

A friend of mine started making a tool for this to generate wordlists.
So source code could be made avaiable to you upon request.
(It is coded in c++, but the algorithm itself should be mainly c)


3) An option/switch for logfile creation during -single mode to also output
username (of the cracked hash) to the logfile.
This could help people gain insight into how single rules actually work
on different input words and help improve/optimize further rule creation.


In replies to other posts here, you mention your TODO-list for 1.7 ....is this
list to be found anywhere? if so, where?
If not, can it be made avaiable please? 
Will make it easier for us users NOT to suggest/comment on things others have
already suggested/commented on without having to remember/look through all
posts.. :)

Keep up then excellent work on JTR and hope to see 1.7 soon ;)

Best regards

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux