Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 26 Jan 2007 21:41:27 +0100
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: RE: Re: how to find a password of 16 digits


Johnny wrote:

>After hours I now that I have the choice between these three alternatives:
>- make my won 16digits.chr

Rather useless without any statistical information
regarding "letter" frequency ...

>- compile an external mode or
>- generate a wordlist.

You mean a file? How large do you expect it to be?

>Right or are there some more possibilities?

You didn't let us know how many "passwords" per second
your program can process...

>If I try to compile an external mode, my john.ini looks like this:
>[List.External:MyDigits]
>void init()
>{
>
>  word[15] = $[0-9];

$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]$[0-9]
could work as a set of *MANY* rules to append 10 digits
to a wordlist of passwords consisting of 6 digits
(which you could create using incremental mode with
MinLen = 6 and MaxLen = 6).

But I doubt that John The Ripper was designed to process that many rules.

For external mode, you have to use C-like syntax
(a subset of C, actually).

The following external mode definition
########################################################
[List.External:16Digits]
void init()
{
  word[0] = word[1] = word[2] = word[3] =
  word[4] = word[5] = word[6] = word[7] =
  word[8] = word[9] = word[10] = word[11] =
  word[12] = word[13] = word[14] = '0';
  word[15] = '0' - 1;
  word[16] = 0;
}

void generate()

{
word[15]++;
if(word[15] > '9') {
word[15] = '0';
word[14]++;
if(word[14] > '9') {
word[14] = '0';
word[13]++;
if(word[13] > '9') {
word[13] = '0';
word[12]++;
if(word[12] > '9') {
word[12] = '0';
word[11]++;
if(word[11] > '9') {
word[11] = '0';
word[10]++;
if(word[10] > '9') {
word[10] = '0';
word[9]++;
if(word[9] > '9') {
word[9] = '0';
word[8]++;
if(word[8] > '9') {
word[8] = '0';
word[7]++;
if(word[7] > '9') {
word[7] = '0';
word[6]++;
if(word[6] > '9') {
word[6] = '0';
word[5]++;
if(word[5] > '9') {
word[5] = '0';
word[4]++;
if(word[4] > '9') {
word[4] = '0';
word[3]++;
if(word[3] > '9') {
word[3] = '0';
word[2]++;
if(word[2] > '9') {
word[2] = '0';
word[1]++;
if(word[1] > '9') {
word[1] = '0';
word[0]++;
if(word[0] > '9') {
word = 0;
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}
}

}
########################################################
works.

Run john like this:

./john --external=16digits --stdout | head -n 30

You'll see the first 30 "passwords":
0000000000000000
0000000000000001
0000000000000002
0000000000000003
0000000000000004
0000000000000005
0000000000000006
0000000000000007
0000000000000008
0000000000000009
0000000000000010
0000000000000011
0000000000000012
0000000000000013
0000000000000014
0000000000000015
0000000000000016
0000000000000017
0000000000000018
0000000000000019
0000000000000020
0000000000000021
0000000000000022
0000000000000023
0000000000000024
0000000000000025
0000000000000026
0000000000000027
0000000000000028
0000000000000029

But one problem remains. You'll probably have to wait 100 years to
complete processing, even if you can genrate and process several million
passwords per second.

Regards, Frank

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ