Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Wed, 01 Feb 2006 21:43:33 +0100
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: roadmap

Solar Designer wrote:
>On renaming the "single crack" mode:
[...]
>It would be more correct to say that this is about "personally
>identifiable information".  This is a bit too restrictive, too, but in
>the absence of better suggestions it could be good enough.  Now, would
>"PII mode" and --pii sound good?..  Alternatively, should the option
>be --personal?

What about --individual, or just --ind
But I don't mind --single, either
(Isn't the functionality a feature provides more important than
the name?)

Just picking up this thread for further suggestions:

I think the "fast dummy" algorithm, which just uses hash=password,
is useful for some john users.
(Although, you might have to take special care of passwords
containing colons.)

Then, I'd like to have a new external mode function, in addition to
generate() and filter().
I'd like to be able to get the password candidates, and generate
an arbitrary number (0-N) of new password candidates based on
the input.

Last time I checked the documentation, EXTERNAL contained:

|The following functions are currently used by John:
|
|init()     called at startup, should initialize global variables
|filter()   called for each word to be tried, can filter some words out
|generate() called to generate words, when no other cracking modes used
|restore()  called when restoring an interrupted session

I'd like to use generate(), filter(), a combination of both,
or a new function to
-either: generate a new password based on the password
provided by john
-or: indicate that I don't want to generate more passwords based
on the last password provided by john's cracking mode

If you don't think this would be a useful feature, I could
explain the benefits I expect.
(A workaround is to use an external script which generates the
password candidates based on password lists or john --stdout.)


Frank

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux