Date: Thu, 9 Jul 2009 07:01:34 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: International Charactersets On Wed, Jul 08, 2009 at 02:09:51PM +0300, kalgecin@...il.com wrote: > I have a password dump file with russian passwords and i need a chr > file for russian language. I've googled around and found none. Or any > other way to crack russian passwords or generate a file. You're artificially limiting yourself by looking for a .chr file only. There are cracking modes besides the "incremental" mode. Those other modes won't require a .chr file. You can get some Russian wordlists in two common encodings (koi8-r and windows-1251) here: ftp://ftp.openwall.com/pub/wordlists/languages/Russian/ Speaking of "incremental" mode, in order to use a .chr file with 8-bit characters you'd need to modify params.h first. This is shown here: http://www.openwall.com/lists/john-users/2008/03/17/1 To generate a .chr file based on a wordlist, you need to create a fake john.pot with a command like: sed 's/^/:/' < WORDLIST-FILE > john.pot Then use "john --make-charset=..." as usual. Since there are many different Cyrillic encodings in use, you will probably need more than one .chr file. Alternatively, you'd apply an external filter() on top of "incremental" mode to do conversion to a target encoding being probed. I imagine that currently it would be the only reasonable way to go for multi-byte encodings (UCS-2 and UTF-8 are relevant here), which wouldn't fit in a .chr file directly. For really short passwords, you can also use "8-bit" external modes found in these older postings: http://www.openwall.com/lists/john-users/2008/03/17/2 http://www.openwall.com/lists/john-users/2006/02/16/1 BTW, all of the john-users postings referenced above are linked from: http://openwall.info/wiki/john/mailing-list-excerpts You could want to review that wiki page before posting in here. ;-) Finally, you could want to consider that many or even most Russians, when they happen to use Russian-language words in their passwords, use transliteration instead of Cyrillic characters: http://en.wikipedia.org/wiki/Transliteration http://en.wikipedia.org/wiki/Romanization_of_Russian http://en.wikipedia.org/wiki/Russian_Chat_Alphabet http://en.wikipedia.org/wiki/Translit As you can see, this introduces even more uncertainty than you'd have by "merely" testing multiple Cyrillic encodings - you'll have a different number of candidate passwords to probe for each input word in Cyrillic. That's because some characters are translated in just one "standard" way, whereas some others will need to be translated into single characters and multi-character strings in a variety of ways - and you need to generate all combinations. Yet this is easy to script. I'd recommend Perl. Alexander -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ