Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 14 Feb 2012 19:26:07 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: stacking rules and external filters on top of other modes (was: --external=Keyboard mode [was: john-users])

On Mon, Feb 13, 2012 at 12:32:27AM +0100, magnum wrote:
> On 02/11/2012 02:18 PM, Solar Designer wrote:
> > On Sat, Feb 11, 2012 at 12:03:21PM +0100, madfran@...-ezine.org wrote:
> >> Are you sure that also capital letters are used in this cracking mode?
> > 
> > Capital letters are not included in this mode by default.  You'd need to
> > adjust it if you want to include capital letters.
> 
> I was going to add that you can use --ext=keyboard and --rules=NT
> together but I realised you can't (unless piping to another instance of
> john). Is this something you could change? Maybe it becomes tricky in
> some cases?

I think we can add support for wordlist rules on top of external modes
fairly easily, but:

I think that in the long run we need to add generic support for stacking
of multiple cracking modes together - including e.g. multiple rulesets
at once (I hear that hashcat got such feature recently), rules on top of
anything (not just on top of external modes, but also on top of e.g.
incremental mode and Markov mode), ... and we already have external
filter() on top of everything, but just one filter at a time - whereas
we need to allow multiple filters at once.

My initial idea was to make the batch mode configurable.  Currently,
it is just single crack (pass 1) followed by wordlist with rules (pass
2) and followed by incremental mode (pass 3).  We may instead have a
john.conf section that would define arbitrary batch modes, including
those involving parallel application of multiple rulesets or/and
external filters.

However, we can in fact add support for requesting this from the
command-line as well (I think this is what hashcat did).

Maybe we need to support both parallel and sequential application of
multiple rulesets/filters.  In both batch mode and command-line, it
makes sense to be able to specify either thing (in different cases).
I am not sure about the syntax to distinguish the two, though.  Should
simple "--rules=a --rules=b" invoke the two rulesets in parallel (so
e.g. if the rulesets have 3 rules each, that will be an equivalent of 9
rules total) or sequentially (6 rules total for the same example)?  And
how do we specify the other thing?  Ditto for combinations of rules and
external filters (sequential vs. parallel).  Any suggestions?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.