Date: Thu, 19 Oct 2006 09:36:48 -0400
From: Brian Cuttler <brian@...sworth.org>
To: john-users@...ts.openwall.com
Subject: Re: John, word list question

Alex,

On Thu, Oct 19, 2006 at 01:18:40AM +0400, Solar Designer wrote:
> Brian -
> 
> On Wed, Oct 18, 2006 at 03:28:02PM -0400, Brian Cuttler wrote:
> > > > 1 AAD
> > > > 1 AADEL
> > > > 1 AADLAND
> > 
> > Just for reference, I find the odd entries in a file named "names.hp.gz"
> 
> Indeed.  I told you that filename a few messages back. ;-)

Yes, yes you did (after reviewing and finally understanding
yesterday's mail).

> > I combined our "good" files with the "all" file,
> 
> I don't think you needed to do that.
> 
> > ASSurnames.gz           actor-surname.gz        male-names.gz
> > Acr-diagnosis.gz        asteroids.Z             movie-characters.gz
> ...
> > World.factbook.Z        kjbible.Z
> > actor-givenname.gz      male-names-kantr.gz
> 
> All of the above files and many more have been considered for the
> Openwall collection and either merged (in some form) or rejected.
> I've just checked - I have a total of 1,335 input wordlist files that
> were considered for the collection.  (Most were duplicates with only
> minor file format conversions, etc.  Many were poor quality.)

I did find yesterday's mistake. I compared my current wordlist to the
wordlist generated by combining the files listed above. Actually they
probably should have been identical but they weren't.

I had not initially compared my wordlist (not the list from the listed
files) with the "all" list.

You were right also in that I gained very few additional entries
when I combined my list (the list without the oddly formatted file)
with the all list (sort -u of both and ran through # wc). There were
relatively few additions.

Oddly/luckily/ironically, the local acronyms I wanted to add were
present in the new file, they must have come from the "all" file since
they had not been in my original password list which was a superset
of the listed-files. So if I'd gone with the "all" file to begin with...
or installed the updated 1.7x version of John...

> I don't expect that you will get (m)any more passwords cracked with your
> expanded wordlist than you would with plain all.lst.

You are right, relatively few.

> More importantly, you need to pick the new revision of password.lst from
> JtR 1.7+ - it has quite some very common passwords added compared to the
> revision from JtR 1.6 (that went into all.lst in the currently available
> revision of the Openwall collection).  You'll need to merge that new
> password.lst with the all.lst file that you've downloaded (place the
> password.lst entries first).  Alternatively, you can pick the new
> revision of all.lst from JtR Pro - it already has the new password.lst
> in it (and more).

I will, looks like a very worthwhile thing to do, especially as we
have weakened our front end password change mechanism (I didn't know
that until yesterday). [Just as soon as I build a container for DNS
running "views" and build/test AMANDA to see if I can split/span DLE's
across tape volumes and recover them.]

> Yes, it's high time I put out a new revision of the Openwall wordlists
> collection with the new password.lst merged and with many more pending
> changes...

I'll stop distracting you then, you can help many. :-)

						thank you,

						Brian

> -- 
> Alexander Peslyak <solar at openwall.com>
> GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
> http://www.openwall.com - bringing security into open computing environments
> 
> -- 
> To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
> to the automated confirmation request that will be sent to you.
> 
---
   Brian R Cuttler                 brian.cuttler@...sworth.org
   Computer Systems Support        (v) 518 486-1697
   Wadsworth Center                (f) 518 473-6384
   NYS Department of Health        Help Desk 518 473-0773
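
The merge discussed in this message (new password.lst entries placed first, then all.lst), as an added example that is not part of the original thread or of John the Ripper. Unlike `sort -u`, it keeps first-seen order, so the common passwords at the top of password.lst are still tried first. The function names, the sample file contents, and the stripping of `#!comment` lines and DOS line endings are assumptions of this example.

```shell
#!/bin/sh
# Added example: order-preserving wordlist merge (hypothetical helper,
# not a tool shipped with John the Ripper).
#
# merge_wordlists PRIORITY_LIST OTHER_LIST...
#   Prints every distinct candidate once, in first-seen order, so the
#   entries of the first file keep their position at the top.
merge_wordlists() {
    for f in "$@"; do
        case "$f" in
            *.gz|*.Z) gzip -dc -- "$f" ;;   # compressed input lists
            *)        cat -- "$f" ;;
        esac
    done | awk '
        { sub(/\r$/, "") }        # normalise DOS line endings before comparing
        /^#!comment/ { next }     # drop wordlist comment lines
        !seen[$0]++               # print a line only the first time it appears
    '
}

# Constructed sample data: a tiny "password.lst" and "all.lst" that overlap.
# Run `demo` to see the merged list.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '#!comment: constructed sample' \
        123456 password letmein > "$d/password.lst"
    printf 'AAD\r\nletmein\nAADEL\npassword\n' > "$d/all.lst"
    merge_wordlists "$d/password.lst" "$d/all.lst"
    rm -rf "$d"
}
```

With real files the call would be `merge_wordlists password.lst all.lst > merged.lst`; the awk filter holds every distinct line in memory, which is the cost of not sorting.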

