Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 28 Jan 2007 10:37:50 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: how to find a password of 16 digits

I've already provided a fairly elaborate response (yes, I had to postpone
this until the weekend), but I'll comment on further postings on this
topic as well:

On Fri, Jan 26, 2007 at 12:33:12PM +0000, Johnny wrote:
> After hours I now that I have the choice between these three alternatives:
> - make my won 16digits.chr 
> - compile an external mode or
> - generate a wordlist.
> 
> Right or are there some more possibilities?

You've described the above ones poorly.  Yes, you can make your own
16digits.chr (or digits16.chr as I've called it in my previous response
that I've just posted), however this requires that you recompile JtR
from source first (see my previous response).

You can also define an external mode.  You do not need to explicitly
compile it; JtR does that for you transparently at startup.

You cannot reasonably generate a wordlist and save it to a file because
it would be too large (see my previous message).  However, either one of
the two approaches mentioned above (a custom JtR build with a custom
.chr file or an external mode) can be used to have JtR send such a
wordlist to stdout, letting you pipe it into another program.

> If I try to compile an external mode, my john.ini looks like this:
> [List.External:MyDigits]
> void init()
> {
> 
>  word[15] = $[0-9];
...

This (and the rest of it) doesn't make sense, which is why it also
doesn't work.  This one works:

[List.External:Digits16]
int maxlength;				// Maximum password length to try
int length;				// Current length

void init()
{
	int minlength;

	minlength = 16;			// Must be at least 1
	maxlength = 16;			// Must be at least same as minlength

	length = 0;
	while (length < minlength) word[length++] = '0'; // Start with all 0's
	word[length - 1]--;
	word[length] = 0;		// NUL termination
}

void generate()
{
	int i;

	i = length - 1;			// Start from the last character
	while (++word[i] > '9')		// Try to increase it
	if (i)				// Overflow here, any more positions?
		word[i--] = '0';	// Yes, move to the left, and repeat
	else				// No
	if (length < maxlength) {
		word[i = ++length] = 0;	// Switch to the next length
		while (i--)
			word[i] = '0';
		return;
	} else {
		word = 0; return;	// We're done
	}
}

void restore()
{
	length = 0;			// Calculate the length
	while (word[length]) length++;
}

However, it is unusable in practice because the number of candidate
passwords that it tries to produce is too large.  Well, you can let it
run for a year, but your chances of it hitting the right password are
slim.  You need to customize it some further with other information on
your target password (e.g., fix the first few digits).

> For this task a little charset would be sufficent for me. Could someone make 
> me a charset file for a 16 digits incremantal mode, please?

It won't work with a standard build of JtR, and if you do a rebuild as
I've explained in my previous response, you can also generate a .chr
file on your own easily.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ