[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 27 Feb 2010 14:52:18 +0100
From: "Magnum, P.I." <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Wordlist + single
I got this idea. I haven't seen it being discussed earlier.
Currently we have these two ways (among others) of producing candidates:
- Single mode will use 'user info' but not a wordlist
- Wordlist mode will use a wordlist but the 'user info' is unavailable
How about combining that? In its simplest form, that is wordlist rules
(or variables?) that has knowledge of the current user name (and
possibly gecos info etc). So if I have this hash:
root:$1$somesalt$im/T9r/sZVwtKkFKFArym.:0:0:Super User::
Combining the word 'pass' from a wordlist with the user info, a rule
could construct password candidates like rootpass, passSuper,
SuperUserpass and so on (by the way I actually thought this example hash
would be cracked in seconds by a default install anyway, but it doesn't).
I believe this would prove very powerful but I realize it might be
non-trivial to implement at this point. Maybe it would be hard to
accomplish without loosing performance? Hopefully that could be
mitigated by having this as an optional functionality, or maybe even a
separate new cracking mode.
Just a thought.
thanks
MPI
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
