Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 19 Oct 2006 09:36:48 -0400
From: Brian Cuttler <brian@...sworth.org>
To: john-users@...ts.openwall.com
Subject: Re: John, word list question

Alex,

On Thu, Oct 19, 2006 at 01:18:40AM +0400, Solar Designer wrote:
> Brian -
> 
> On Wed, Oct 18, 2006 at 03:28:02PM -0400, Brian Cuttler wrote:
> > > > 1 AAD
> > > > 1 AADEL
> > > > 1 AADLAND
> > 
> > Just for reference, I find the odd entries in a file named "names.hp.gz"
> 
> Indeed.  I told you that filename a few messages back. ;-)

Yes, yes you did (after reviewing and finally understanding
yesterday's mail).

> > I combined our "good" files with the "all" file,
> 
> I don't think you needed to do that.
> 
> > ASSurnames.gz           actor-surname.gz        male-names.gz
> > Acr-diagnosis.gz        asteroids.Z             movie-characters.gz
> ...
> > World.factbook.Z        kjbible.Z
> > actor-givenname.gz      male-names-kantr.gz
> 
> All of the above files and many more have been considered for the
> Openwall collection and either merged (in some form) or rejected.
> I've just checked - I have a total of 1,335 input wordlist files that
> were considered for the collection.  (Most were duplicates with only
> minor file format conversions, etc.  Many were poor quality.)

I did find yesterday's mistake. I compared my current wordlist to the
wordlist generated by combining the files listed above. Actually they
probably should have been identical but they wheren't.

I had not initially compared my wordlist (not the list from the listed
files) with the "all" list.

You where right also in that I gained very few additional entries
when I combined my list (the list without the oddly formatted file)
with the all list (sort -u of both and ran through # wc). There were
relatively few additions.

Oddly/luckily/ironically, the local acronyms I wanted to add where
present in the new file, they must have come from the "all" file since
they had not been in my original password list which was a superset
of the listed-files. So if I'd gone with the "all" file to begin with...
or installed the updated 1.7x version of John...

> I don't expect that you will get (m)any more passwords cracked with your
> expanded wordlist than you would with plain all.lst.

You are right, relatively few.

> More importantly, you need to pick the new revision of password.lst from
> JtR 1.7+ - it has quite some very common passwords added compared to the
> revision from JtR 1.6 (that went into all.lst in the currently available
> revision of the Openwall collection).  You'll need to merge that new
> password.lst with the all.lst file that you've downloaded (place the
> password.lst entries first).  Alternatively, you can pick the new
> revision of all.lst from JtR Pro - it already has the new password.lst
> in it (and more).

I will, looks like a very worth while thing to do, especially as we 
have weakened our front end password change mechanism (I didn't know
that until yesterday). [Just as soon as I build a container for DNS
running "views" and build/test AMANDA to see if I can split/span DLE's
across tape volumes and recover them.]

> Yes, it's high time I put out a new revision of the Openwall wordlists
> collection with the new password.lst merged and with many more pending
> changes...

I'll stop distracting you then, you can help many. :-)

						thank you,

						Brian

> -- 
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
> http://www.openwall.com - bringing security into open computing environments
> 
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
> 
---
   Brian R Cuttler                 brian.cuttler@...sworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ