Date: Mon, 17 Mar 2008 04:21:27 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: charsetmaking - 8-bit characters

On Thu, Mar 13, 2008 at 01:17:49AM +0100, Bucsay Balázs wrote:
> I tried to make a Hungarian charset today, but it didn't work for me. I put
> the special Hungarian characters into john.pot and I tried to run this
> command:
> ./john --make-charset=hung.chr
> 
> Without the special characters it counted 79 characters:
> Successfully written charset file: magyar.chr (79 characters)
> 
> But with those, it stayed at 79, or decreased. I think john doesn't
> like the Hungarian characters :'(

By default, JtR will only process the 95 printable US-ASCII characters
when generating and making use of .chr files.  You can change this by
editing params.h and re-compiling.  To have JtR support arbitrary 8-bit
characters, use these settings:

#define CHARSET_MIN			' '
#define CHARSET_MAX			0xFF
#define CHARSET_SIZE			(CHARSET_MAX - CHARSET_MIN + 1)
#define CHARSET_LENGTH			8
#define CHARSET_SCALE			0x10

that is, you change CHARSET_MAX from 0x7E to 0xFF and CHARSET_SCALE from
0x100 to 0x10, leaving the rest at the defaults.  Of course, you'll be
forced to generate new .chr files (old ones won't work with this build
of JtR at all).

Some john-users might notice that with the above settings we're
actually slightly exceeding 64 bits for ((SIZE ** LENGTH) * SCALE),
which the comment says to not do.  However, in reality the requirement is
not so strict; I just picked a simpler description for the comment.  The
self-test performed by current versions of JtR makes sure that things
don't go wrong - if there are overflows, JtR will refuse to generate
charset files rather than generate them incorrectly.

For some other approaches at cracking passwords with 8-bit characters in
them, see this older posting:

	http://www.openwall.com/lists/john-users/2006/02/16/1

You may also find the "DumbForce" external mode sample from this posting
useful (customize it for your desired charset and lengths):

	http://www.openwall.com/lists/john-users/2008/02/24/1

Finally, what hash type(s) are you going to use this with?  Please note
that the traditional DES-based crypt(3) hashes process input characters
as 7-bit, ignoring the 8th bit.  This means that you might be able to
represent your 8-bit characters with their 7-bit equivalents - and thus
have a smaller charset, allowing you to crack your passwords faster.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments
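
The 7-bit equivalence mentioned at the end of the message above, as an added example that is not part of the original post or of JtR's source: it masks each byte to its low 7 bits, as traditional DES-based crypt(3) effectively does, and collects the distinct results. The sample charset and its ISO-8859-2 encoding are assumptions, and `des_equiv` and `fold_charset` are hypothetical helper names.

```c
#include <stdio.h>
#include <stddef.h>

/* Traditional DES-based crypt(3) builds its key from the low 7 bits of
 * each password byte, so c and (c & 0x7F) produce the same hash. */
static unsigned char des_equiv(unsigned char c)
{
	return c & 0x7F;
}

/* Fold an 8-bit candidate charset into its distinct 7-bit equivalents.
 * out needs room for 128 bytes; returns the number of bytes written. */
static size_t fold_charset(const unsigned char *in, size_t n,
    unsigned char *out)
{
	unsigned char seen[128] = {0};
	size_t i, count = 0;

	for (i = 0; i < n; i++) {
		unsigned char c = des_equiv(in[i]);
		if (!seen[c]) {
			seen[c] = 1;
			out[count++] = c;
		}
	}
	return count;
}

/* Constructed sample: a-z plus the nine accented lowercase Hungarian
 * letters, assuming ISO-8859-2 byte values (not taken from the post). */
static const unsigned char sample[] =
	"abcdefghijklmnopqrstuvwxyz"
	"\xE1\xE9\xED\xF3\xF6\xF5\xFA\xFC\xFB";

int main(void)
{
	unsigned char folded[128];
	size_t n = sizeof(sample) - 1;
	size_t m = fold_charset(sample, n, folded);
	size_t i;

	printf("%zu input bytes -> %zu distinct 7-bit equivalents\n", n, m);
	for (i = 26; i < n; i++)
		printf("0x%02X is hashed as 0x%02X ('%c')\n", sample[i],
		    des_equiv(sample[i]), des_equiv(sample[i]));
	return 0;
}
```

For this sample, seven of the nine accented letters fold onto letters already in a-z, and only two new 7-bit symbols are added.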