Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 24 Mar 2011 20:39:53 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: 8-bit candidates (was: single mode)

On 2011-03-24 03:31, Solar Designer wrote:
>> Then how come a word with no 7-bit chars will be used, *and* paired?
>
> Not as the first word in a pair.  Maybe this needs to be changed or made
> configurable.
>
>> I know I
>> can crack foreign passwords completely lacking ascii, with single user
>> mode and the test words put in the GECOS field.
>
> Sure, without word pairing.

I see. This will be on my to-do list for the utf8 patch, if nothing 
else. Use them, but not truncated.

By the way, I have also tried a new character class for the utf8 patch 
and it may actually be equally useful without that patch:

  ?b  matches any character with 8th bit set

This lets you write rules that only affect 8-bit candidates, or the 
opposite. My experimental implementation is not very pretty but it works 
just fine. Not sure how to do it cleaner.

I also have plans for a few rules that are really utf-8 aware. Like 
case-shifting of *any* (applicable) UCS-2 character. That won't be near 
as quick as a bit flip, but hey, it will only do it if you ask for it.

thanks
magnum



diff --git a/src/rules.c b/src/rules.c
index 7ad95c0..8dfb1b4 100644
--- a/src/rules.c
+++ b/src/rules.c
@@ -185,6 +185,11 @@ static void rules_init_class(char name, char *valid)
 static void rules_init_classes(void)
 {
 	memset(rules_classes, 0, sizeof(rules_classes));
+	static unsigned char eightbitstring[129];
+	int i;
+	for(i=0;i<=128;i++)
+		eightbitstring[i] = i+128;
+	eightbitstring[128] = 0;
 
 	rules_init_class('?', "?");
 	rules_init_class('v', "aeiouAEIOU");
@@ -197,6 +202,7 @@ static void rules_init_classes(void)
 	rules_init_class('d', CHARS_DIGITS);
 	rules_init_class('a', CHARS_LOWER CHARS_UPPER);
 	rules_init_class('x', CHARS_LOWER CHARS_UPPER CHARS_DIGITS);
+	rules_init_class('b', &eightbitstring);
 	rules_init_class('Z', "");
 }
 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ