Date: Thu, 19 Oct 2006 09:36:48 -0400 From: Brian Cuttler <brian@...sworth.org> To: john-users@...ts.openwall.com Subject: Re: John, word list question Alex, On Thu, Oct 19, 2006 at 01:18:40AM +0400, Solar Designer wrote: > Brian - > > On Wed, Oct 18, 2006 at 03:28:02PM -0400, Brian Cuttler wrote: > > > > 1 AAD > > > > 1 AADEL > > > > 1 AADLAND > > > > Just for reference, I find the odd entries in a file named "names.hp.gz" > > Indeed. I told you that filename a few messages back. ;-) Yes, yes you did (after reviewing and finally understanding yesterday's mail). > > I combined our "good" files with the "all" file, > > I don't think you needed to do that. > > > ASSurnames.gz actor-surname.gz male-names.gz > > Acr-diagnosis.gz asteroids.Z movie-characters.gz > ... > > World.factbook.Z kjbible.Z > > actor-givenname.gz male-names-kantr.gz > > All of the above files and many more have been considered for the > Openwall collection and either merged (in some form) or rejected. > I've just checked - I have a total of 1,335 input wordlist files that > were considered for the collection. (Most were duplicates with only > minor file format conversions, etc. Many were poor quality.) I did find yesterday's mistake. I compared my current wordlist to the wordlist generated by combining the files listed above. Actually they probably should have been identical but they wheren't. I had not initially compared my wordlist (not the list from the listed files) with the "all" list. You where right also in that I gained very few additional entries when I combined my list (the list without the oddly formatted file) with the all list (sort -u of both and ran through # wc). There were relatively few additions. Oddly/luckily/ironically, the local acronyms I wanted to add where present in the new file, they must have come from the "all" file since they had not been in my original password list which was a superset of the listed-files. So if I'd gone with the "all" file to begin with... or installed the updated 1.7x version of John... > I don't expect that you will get (m)any more passwords cracked with your > expanded wordlist than you would with plain all.lst. You are right, relatively few. > More importantly, you need to pick the new revision of password.lst from > JtR 1.7+ - it has quite some very common passwords added compared to the > revision from JtR 1.6 (that went into all.lst in the currently available > revision of the Openwall collection). You'll need to merge that new > password.lst with the all.lst file that you've downloaded (place the > password.lst entries first). Alternatively, you can pick the new > revision of all.lst from JtR Pro - it already has the new password.lst > in it (and more). I will, looks like a very worth while thing to do, especially as we have weakened our front end password change mechanism (I didn't know that until yesterday). [Just as soon as I build a container for DNS running "views" and build/test AMANDA to see if I can split/span DLE's across tape volumes and recover them.] > Yes, it's high time I put out a new revision of the Openwall wordlists > collection with the new password.lst merged and with many more pending > changes... I'll stop distracting you then, you can help many. :-) thank you, Brian > -- > Alexander Peslyak <solar at openwall.com> > GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 > http://www.openwall.com - bringing security into open computing environments > > -- > To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply > to the automated confirmation request that will be sent to you. > --- Brian R Cuttler brian.cuttler@...sworth.org Computer Systems Support (v) 518 486-1697 Wadsworth Center (f) 518 473-6384 NYS Department of Health Help Desk 518 473-0773 -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ