Date: Wed, 28 Jun 2006 06:09:56 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: rules - Q vs M and their effects on speed? On Mon, Jun 26, 2006 at 06:18:40AM +0000, Phantom wrote: > Was wondering if you could describe the effects of and difference between > Q and M in jtr rules and their effects of cracking speed? > I think the docs are little vague on this point.... doc/RULES describes these commands as: M memorize the word Q reject the word unless it has changed and indeed that's precisely what they do. You can think of the command letters as abbreviations for "Memorize" and "Query" to make it easier for you to remember them. > Maybe give some examples of the optimal usage of these two? The commands are intended to be used to reject candidate passwords that would be duplicates of those produced by another rule. For example, the following two rules: # Try words as they are : # Lowercase every word -c lQ might produce fewer duplicate candidate passwords than: # Try words as they are : # Lowercase every word -c l would. That's because some input words are already all-lowercase, so converting them to lowercase does not change them. The "Q" in the first example would reject words that are unaffected by the conversion. (Alternatively, words could have been checked for containing uppercase letters prior to the conversion to lowercase.) A more complicated example: # Lowercase and reverse pure alphabetic words !?AlMrQ This uses the "Memorize" command to make the "Query" apply to the "reversal" only, not to the "lowercase". Here, it is assumed that we've already tried "lowercased" words and now want to try "reversed" words that are affected by the "reversal". That is, we won't be trying palindromes here. "Query" doesn't have to be the last thing that we do in a rule: # Reverse and capitalize pure alphabetic words (fred -> Derf) -c >2!?AMrQc Here, we assume to have already tried all words in capitalized form. So we want to try capitalizing reversed words only if those words are not palindromes - hence the Memorize-reverse-Query check. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ