Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 26 Jul 2009 17:42:12 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: generating charset

On Sun, Jul 26, 2009 at 01:16:22AM +0200, websiteaccess wrote:
>  imagine my john.pot contains only
> 
>  user:house
>  user:cat
>  user:tree
>  user:cold
>  user:parking
> 
>  is "./john -make-charset=alpha.chr" will able to generating a charset 
> with all letters  (a-z and A-Z) or only a charset with all letters of 
> all words included in
>  the john.pot (housecatrldkngp) ?

The latter.  If you want to use the resulting .chr file, yet have JtR
try other characters as well, you need to list those in Extra.

BTW, it's weird that you specified "user" on your john.pot entries
above.  Normally, these will have password hashes, not usernames, but
indeed you may omit the hashes or replace them with any strings (even
empty ones) for the purpose of generating a .chr file.

> [Incremental:Alpha]
> # par defaut Minlen = 1 et Maxlen = 8
> File = $JOHN/alpha.chr
> MinLen = 1
> MaxLen = 8
> CharCount = 52  <---- what is the right number ? -> 52 (a-z A-Z) ?    
> OR   the only 26 (a-z) ?  Or less 15 (housecatrldkngp) ?

You don't have to specify CharCount at all.  Most of the time, the only
reason to specify it is to have JtR issue a warning when the character
count turns out to be smaller than what you had expected.  This is why
it is specified for the pre-defined "incremental" modes.

In the above example, with your regenerated alpha.chr file with only 15
characters in it, you may either omit CharCount or specify
"CharCount = 15".  The effect will be the same, but with the latter
you'll get a warning issued in case you, say, replace the .chr file with
one with fewer characters.

If you want to have JtR try more characters, you may specify those in
Extra and then similarly either omit CharCount or specify the new
expected CharCount in order to have JtR expect at least this many
characters (and warn you when there are fewer).

Finally, another use of CharCount is to restrict JtR to trying fewer
character indices.  This is illustrated in the following older posting:

http://www.openwall.com/lists/john-users/2009/02/20/3

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ