Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 13 Jul 2006 17:04:29 +0400
From: Solar Designer <>
Subject: Re: Filtering incremental attemps with known character

On Wed, Jul 12, 2006 at 10:41:36PM -0700, Andrew wrote:
> I'm trying to recover a lost password

Are you sure you need to do that?  It might be quicker to reset the

> in which I know I used a specific 
> character. I don't know exactly where I placed the character in my 
> password, but would like to speed up and incremental attempt at recovery 
> by filtering out generated words which don't contain this character. 
> I've been going through all of the external filter examples, but haven't 
> been able to come up with a working filter that can handle this.

Here is a working example:

void filter()
	int i, c;

	i = 0;
	while (c = word[i++])
		if (c == 'a') return; // try it

	word = 0; // skip it

> I've also seen a filter posted previously, which works great only when
> the position of the character is known.

You're probably referring to a filter() that actually inserts the known
character at the known position.  This may be a reasonable thing to do
even when the position is not known.  You'd have to run John multiple
times for different potential character positions, but the c/s rate may
be much higher since no processing time would be wasted on generating
candidate passwords that would get filtered out.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ