Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 16 Aug 2012 06:45:41 -0500
From: Richard Miles <richard.k.miles@...glemail.com>
To: kzug <kzug10@...il.com>
Cc: john-users@...ts.openwall.com
Subject: Re: Learn from 'Crack Me If You Can 2012'.

Hi kzug,

Thanks for follow-up, very appreciated! :)

I'm answering inline...

On Wed, Aug 15, 2012 at 3:05 PM, kzug <kzug10@...il.com> wrote:

> I did not reply to the group as some of the questions were already
> answered.
>
>
On my post? I got no other replies, I also looked at web archive and I
don't see them. :(


> 1) Wiki page, search for the reworked by Solar Designer Set of rules
>     Reusable security, search for John the Ripper Related topics
>


Nice, I was aware of it, but basically is makes it runs faster and fix a
few bugs. But I was looking for a new "revolutionary" ruleset, such was
KoreLogic when released in 2010. Are you aware of any other?

Do you have experience with rulesfinder (
https://github.com/bartavelle/rulesfinder)? What do you think about it?


> 2)  plenty in Google
>

Serious? I was unable to find any built passphrase list :(


>       Download an ebook and make your own (TextWrangler + grep)  i.e Bible
> etc
>       Web parser , i.e WikiQuotes
>

Hummm.. do you know any link that explain how to do it? I have no
experience with TextWrangler and I'm a bit unsure about the results of this
semi-automated approach...

I was looking at famous quotations and most of the sites split it by author
or type, which should be this process very boring and slow. Examples:

http://www.brainyquote.com/

http://www.quotationspage.com/quotes/

Also, they suggest a few books, but not sure how good they are.

http://www.quotationspage.com/books.php3?amp;category=quoteref

BTW, do you know if the pass-phrase used by john-users team during the
KoreLogic contest 2012 will be released? :)

I was reading the archive and appear that a person called Kevin Young has a
great job on this topic:

 "First of all I want to acknowledge the work Kevin Young did. He's another
password cracking researcher who's been investigating passphrases, (you can
see an article he was interviewed for here:
http://www.computerworld.com/s/article/9227894/How_Charles_Dickens_helped_crack_your_LinkedIn_password).
I met him at Defcon and he wanted to help out,
and since he was dealing with internet connectivity issues like I was it
turned out to be easier for him to just give me his cracked passwords and
have me upload them to our server vs. him registering as another member on
our team. Pretty much all the passphrases I uploaded were ones that he had
cracked. I'm not sure about the exact hardware he used, but I'm pretty sure
it was just a laptop he had left running in his hotel room."

Do you know if he is releasing his pass-phrase lists and tricks? :)

Thanks.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.