Date: Mon, 17 Mar 2008 04:21:27 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: charsetmaking - 8-bit characters On Thu, Mar 13, 2008 at 01:17:49AM +0100, Bucsay Bal?zs wrote: > I tried to make a hungarian charset today, but it wasnt work me. I put > the special hungarian characters to the john.pot and i tried to run this > command: > ./john --make-charset=hung.chr > > Without the special characters it count 79character > Successfully written charset file: magyar.chr (79 characters) > > But with those, it stayed at 79, or decreased. I think the john doesnt > like the hungarian characters :'( By default, JtR will only process the 95 printable US-ASCII characters when generating and making use of .chr files. You can change this by editing params.h and re-compiling. To have JtR support arbitrary 8-bit characters, use these settings: #define CHARSET_MIN ' ' #define CHARSET_MAX 0xFF #define CHARSET_SIZE (CHARSET_MAX - CHARSET_MIN + 1) #define CHARSET_LENGTH 8 #define CHARSET_SCALE 0x10 that is, you change CHARSET_MAX from 0x7E to 0xFF and CHARSET_SCALE from 0x100 to 0x10, leaving the rest at the defaults. Of course, you'll be forced to generate new .chr files (old ones won't work with this build of JtR at all). Some john-users might notice that with the above settings we're actually slightly exceeding 64 bits for ((SIZE ** LENGTH) * SCALE), which the comment says to not do. However, in reality the requirement is not so strict; I just picked a simpler description for the comment. The self-test performed by current versions of JtR makes sure that things don't go wrong - if there are overflows, JtR will refuse to generate charset files rather than generate them incorrectly. For some other approaches at cracking passwords with 8-bit characters in them, see this older posting: http://www.openwall.com/lists/john-users/2006/02/16/1 You may also find the "DumbForce" external mode sample from this posting useful (customize it for your desired charset and lengths): http://www.openwall.com/lists/john-users/2008/02/24/1 Finally, what hash type(s) are you going to use this with? Please note that the traditional DES-based crypt(3) hashes process input characters as 7-bit, ignoring the 8th bit. This means that you might be able to represent your 8-bit characters with their 7-bit equivalents - and thus have a smaller charset, allowing you to crack your passwords faster. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ