Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 9 Jul 2009 07:01:34 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: International Charactersets

On Wed, Jul 08, 2009 at 02:09:51PM +0300, kalgecin@...il.com wrote:
> I have a password dump file with russian passwords and i need a chr
> file for russian language. I've googled around and found none. Or any
> other way to crack russian passwords or generate a file.

You're artificially limiting yourself by looking for a .chr file only.
There are cracking modes besides the "incremental" mode.  Those other
modes won't require a .chr file.  You can get some Russian wordlists in
two common encodings (koi8-r and windows-1251) here:

ftp://ftp.openwall.com/pub/wordlists/languages/Russian/

Speaking of "incremental" mode, in order to use a .chr file with 8-bit
characters you'd need to modify params.h first.  This is shown here:

http://www.openwall.com/lists/john-users/2008/03/17/1

To generate a .chr file based on a wordlist, you need to create a fake
john.pot with a command like:

sed 's/^/:/' < WORDLIST-FILE > john.pot

Then use "john --make-charset=..." as usual.

Since there are many different Cyrillic encodings in use, you will
probably need more than one .chr file.  Alternatively, you'd apply an
external filter() on top of "incremental" mode to do conversion to a
target encoding being probed.  I imagine that currently it would be the
only reasonable way to go for multi-byte encodings (UCS-2 and UTF-8 are
relevant here), which wouldn't fit in a .chr file directly.

For really short passwords, you can also use "8-bit" external modes
found in these older postings:

http://www.openwall.com/lists/john-users/2008/03/17/2
http://www.openwall.com/lists/john-users/2006/02/16/1

BTW, all of the john-users postings referenced above are linked from:

http://openwall.info/wiki/john/mailing-list-excerpts

You could want to review that wiki page before posting in here. ;-)

Finally, you could want to consider that many or even most Russians,
when they happen to use Russian-language words in their passwords, use
transliteration instead of Cyrillic characters:

http://en.wikipedia.org/wiki/Transliteration
http://en.wikipedia.org/wiki/Romanization_of_Russian
http://en.wikipedia.org/wiki/Russian_Chat_Alphabet
http://en.wikipedia.org/wiki/Translit

As you can see, this introduces even more uncertainty than you'd have by
"merely" testing multiple Cyrillic encodings - you'll have a different
number of candidate passwords to probe for each input word in Cyrillic.
That's because some characters are translated in just one "standard"
way, whereas some others will need to be translated into single
characters and multi-character strings in a variety of ways - and you
need to generate all combinations.  Yet this is easy to script.  I'd
recommend Perl.

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ