Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Jan 2006 14:58:56 +0000 (UTC)
From:  Phantom <phantom_otw@...oo.com>
To: john-users@...ts.openwall.com
Subject:  Re: Incremental Alpha Quagmire

Arias Hung <arias@...> writes:

> 
> Another characterstic of JTR that I'm trying to wrap my mind around that
doesn't seem to me to be quite
> optimal 
> ... perhaps someone can point to the proper way to optimization in this case.
> 
> When configuring the conf file, the incremental for alpha is defined as: (in
my case I know the pw length that
> i'm attempting to decrypt)
> 
> [Incremental:Alpha]
> File = $JOHN/alpha.chr
> MinLen = 8
> MaxLen = 8
> CharCount = 26
> 
> What is baffling to me is the charcount, since it's listed as only 26 yet
alpha passwords seem always to be a
> mixture of upper and lowercase.
> 
> Should not the character count be 52?!?!
> 
> Also, it seems to take an exorbitant amount of time before john begins
attempting mixed (upper + lower)
> Alpha combinations.   
> 
> What would be the ideal way to get the upper/lower combinations to begin
immediately?  Wouldn't it be ideal
> to increase character count to 52 and consider upper and lower to be separate
character types as they
> certainly are treated as distinguished from one another as all passwords are
case sensitive?
> 
> 


Well, the alpha.chr is based on /generated from the contents of the john.pot
file, if nothing else is specified (as in one or multiple passfiles are used
when generating it).
Therefore the character distribution, frequency and dependencies are based on
the characters in the decrypted passwords in the john.pot file.

If the john.pot file contains decrypted passwords from "normal" passwords,
lowercase letters are more likely to be used and thus appear first when using
the alpha.chr charset.
Infact lowercase alphas are used alot more than uppercase - I did an analysis
based on several million username:pasword combinations +1 year ago which shows 
this.

I do not understand why you are seeing uppercase and digits when running your
alpha.chr - you must be doing something wrong. Did you use the default one?


See the filter used for alpha>
# Some pre-defined word filters
[List.External:Filter_Alpha]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if (c < 'a' || c > 'z') {
		word = 0; return;
	}
}

Should not contain uppercase or digits.

In order to get the upper/lower combinations to begin immediately I think you
would have to create en external mode and specify which character type to try
for each charater position.

Or, create a "fake" potfile with all characters a-zA-Z0-9, mix them randomly,
and generate a charset file from that.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ