Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 15 Sep 2007 13:28:35 +0200
From: Simon Marechal <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Markov filter password generation

I just "released" an experimental support for Markov filter password
generation. This method has several advantages over the incremental mode:
* more effective in my tests, although it might be a bias induced by the
passwords files I'm cracking;
* supports long passwords (more than 8 chars)
* easy to distribute
* could be used to compute the "Markov strength" of any password and
display shiny graphics in audit reports :)

Grab it at http://btb.banquise.net/bin/myjohn.tgz

Usage:

john -markov=level:start:end:maxlen

Where:
* level is the maximum markov strength of passwords to be cracked
* start is the index of the first password to test (starts at 0)
* end is the index of the last password to test (0 means last possible
password)
* maxlen is the maximum length of tested passwords

In order to select a "level", you could use the new "genmkvpwd" in such
a way:

./genmkvpwd stats 0 12

Where "stats" is the path to the "statfile" and 12 is the maximum
password length, it will display lines like:

lvl=148 (3576 Kb for nbparts) 1348 K possible passwords (1348930)
lvl=149 (3600 Kb for nbparts) 1493 K possible passwords (1493186)

This means that at level 149, 1493K passwords will be generated, and
john will stop after that. You have to evaluate your cracking speed,
multiply by the desired time and you got the numbers of passwords you
can try. Just find the corresponding lvl.

You can easily distribute the work using the "start" and "end" parameters.


I need some feedback on this generator effectiveness, especially with
non french passwords. If it turns out it works well, I will release a
clean patch for JtR.

Enjoy!

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ