Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 17 Apr 2012 20:10:56 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: Re: Finding words on which passwords are based

On 04/16/2012 12:53 AM, Aleksey Cherepanov wrote:
> Also it could be handy to have different prepared lists. I think it is like
> prepared wordlists but more general. Probably we could rip wikipedia for such
> lists with good quality.

In general, I think a list of dates (either DDMMYYYY or YYYYMMDD) could
be useful.
If you know how old the users are and/or when those passwords have been
created, you'd also know which years to put on top of the list.
Because instead of DDMMYYYY users might prefer MMDDYYYY, this list
should also contain those dates first where DD is also a valid month.
And because users might use 1-9 instead of 01-09 (so you would have to
check both versions for these dates), I would start the list with those
dates where both DD and MM are in the range of 10-12.
This allows to apply a larger number of complex rules on the top n
entries of your dates wordlist even for very slow hashes where you can't
afford to try all these rules on the complete list.
Instead of all rules, just pick those rules that worked best on your
small subset, and try them on the remaining lines of your word list.

> Or we could even make dynamic basic words list finder that finds full list on
> the internet using human-like methods like google or our own search local
> engine (filling its database is similar to preparing lists).

I wouldn't waste programming effort on this.

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.