Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Sat, 19 Mar 2011 22:25:30 +0100
From: magnum <guzziraz@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Couple of questions regarding rules (preprocessor)
 and truncation

On 2011-03-19 00:17, Frank Dittrich wrote:
> Try this instead:
>
> '-M>[2-9A-Z]'\p[2-9A-Z]QAz"1234"
> or just
> '-M'[2-9A-Z]QAz"1234"
>

Yes, but even if I managed to discard all duplicates even for unsorted 
wordlists, I would still not want the preprocessor to create hundreds of 
thousands of rules that just will have *all* of its candidates 
discarded. That is hundreds of thousands of times shuffling the whole 
wordlist (which may be tens or hundreds of megabytes) from disk through 
code and then straight to the bit bucket. My point is to not *produce* 
so many candidates that is later rejected!

For example, the last rule you wrote above would take 0:35 instad of 
1:31, used with the Rockyou wordlist against 135 hashes/one salt of DES. 
(Naturally, I tested that by changing the range to [2-7]). That is some 
decent performance boost! Now replace "1234" with "[0-9][0-9][0-9][0-9]" 
and do the math.

For now, the solution is to have different sets of rules (length ranges) 
for different formats. If we could use the length constants in the 
preprocessor, this would be done automatically.

I'm afraid there's more to it though. If the constants would just be 
"translated" to the corresponding digit or letter (might be an easy 
hack), the [0-*] would work for LM and DES but not MD5 (that would mean 
[0-F] which includes invalid characters). But if it was written [0-9A-*] 
it would not work for LM and DES (translates to eg. [0-9A-8], invalid).

So maybe [0-*] must be a special case just for this.

magnum

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ