Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Fri, 30 Jun 2006 06:54:15 +0000 (UTC)
From:  Phantom <phantom_otw@...oo.com>
To: john-users@...ts.openwall.com
Subject:  Re: rules - Q vs M and their effects on speed?

> It would help if you learn to quote relevant bits of context. 

I usually do that, but in this case I thought that you would be able to easily 
understand what I was referring to :)
 
> > it does make a difference in which order rules are entered in the
> > conf/ini file
> 
> Yes - because you want rules that happen to produce a higher success
> rate tried first - but this has nothing to do with the M and Q commands.

Ok, so basically that is because the sooner a password is cracked, the better
because then the follwing rules won't waste energy on the same hashes?

 
> > when the rules have a possibility "creating" duplicate candidate words.
> 
> That is irrelevant to the ordering of rules - but it is a reason to use
> the M and Q commands as appropriate.
> 
> > That way the Q can "cover" more than one rule/line?
> 
> All rule commands, including Q, are a part of the rule they're specified
> in only.  However, when writing a rule, it is wise to take into
> consideration other rules that you have in the same ruleset.
> 
> > I was under the impression that the Q and M switches were only applied to the
> > rule/line in which they appeared...
> 
> That's correct.

Well, then I don't understand your first example:

>For example, the following two rules:

># Try words as they are
>:
># Lowercase every word
>-c lQ
>
>might produce fewer duplicate candidate passwords than:
>
># Try words as they are
>:
># Lowercase every word
>-c l
>
>would.  That's because some input words are already all-lowercase, so
>converting them to lowercase does not change them.  The "Q" in the first
>example would reject words that are unaffected by the conversion.
>(Alternatively, words could have been checked for containing uppercase
>letters prior to the conversion to lowercase.)

Why do you include two lines here, if the Q does not cover more than one line?
I understood it as lowercase words that are tried on the first rule ":" are not
affected by the lowercase conversion in the second rule, which is why you
included the Q in the second rule -  to avoid the already tried lowercase 
words from the first rule to be "converted" by the second rule?

> > So how does one decide in which rules to include a Q in order to avoid 
> > as many duplicates as possible
> 
> You have to think and be smart.  I'm afraid that I can't provide a better
> answer.  Even if I would come up with step-by-step instructions, those
> would resemble an implementation of AI on top of your brain. 

I see.. guess I would have to pay you for that, ey? ;)


> You appear to think that the only reason to not use Qs is to avoid the
> processing costs associated with them.  This is not the case.  The
> primary reason why John does not imply a Q after each rule is that doing
> so would reject candidate passwords that are _not_ duplicates of any
> others.  Thus, Q should be used with care.

Yes, I am beginning to see that now, was just curious as to how big an impact
on speed they had- 


Please consider the below rules:

>8'7
>7'7
>8'6
>7'6
>6'6
>7'5
>6'5
>5'5

If using the "wordlist" below, I have tried placing Q's and M's at the end on
some of the rules, all of the rules, before and after the ', but I still
can't avoid getting duplicate words as a results of the above rules and the 
below wordlist - please advice?

<Wordlist>
bananas
bananasing
Bananas
Bananasinger
Bananasingerer
oranges
orAnges
orangesandapples
Orangesandapples
orangesandapplessuck

I get the same 46 words as output wether I use Q (and M) or not....
So guess I missed something obvious here :(


Regards


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ