Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 1 Feb 2006 15:13:51 +0300
From: Solar Designer <>
Subject: Re: Incremental Alpha Quagmire

On documenting the john.pot format such that people could easily create
fake john.pot files and generate .chr files out of those, which I don't
think is such a great idea:

On Tue, Jan 31, 2006 at 06:33:55PM -0800, Arias Hung wrote:
> While I certainly am not to dispute what you're saying here, my goal
> is merely to create an appropriate 'mixed case' chr file as you suggested
> that I do by use of a fabricated john.pot file.  With my case being
> one of attempting to crack passwords where a combination of upper
> and lower are enforced on the system, my suggestion of documentation
> was made simply due to the lack of options one has as a 'novice' of john
> to create chr files outside outside of what's provided. So in my case
> I'm not sure what the point of recommending that I 'not' create my own
> john.pot.

The point is that you're likely to get a much worse success rate with
your custom .chr file generated in the way we've discussed - just try
it out, compare to the success rate with the provided all.chr, and get
back to us with your results. :-)

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ