Date: Tue, 14 Feb 2012 19:29:09 +0100
From: magnum <>
Subject: Re: stacking rules and external filters on top of other

On 02/14/2012 04:26 PM, Solar Designer wrote:
> I think that in the long run we need to add generic support for stacking
> of multiple cracking modes together - including e.g. multiple rulesets
> at once (I hear that hashcat got such feature recently), rules on top of
> anything (not just on top of external modes, but also on top of e.g.
> incremental mode and Markov mode), ... and we already have external
> filter() on top of everything, but just one filter at a time - whereas
> we need to allow multiple filters at once.

This would be great. Choosing a syntax for it is a challenge.

> My initial idea was to make the batch mode configurable.  Currently,
> it is just single crack (pass 1) followed by wordlist with rules (pass
> 2) and followed by incremental mode (pass 3).  We may instead have a
> john.conf section that would define arbitrary batch modes, including
> those involving parallel application of multiple rulesets or/and
> external filters.

Good idea. Maybe we could even do things like LM->NT cracking in a batch

> However, we can in fact add support for requesting this from the
> command-line as well (I think this is what hashcat did).

I think I'd like both, for different situations.

> Maybe we need to support both parallel and sequential application of
> multiple rulesets/filters.  In both batch mode and command-line, it
> makes sense to be able to specify either thing (in different cases).

Yes, both variants are already on the wiki wish-list.

> I am not sure about the syntax to distinguish the two, though.  Should
> simple "--rules=a --rules=b" invoke the two rulesets in parallel (so
> e.g. if the rulesets have 3 rules each, that will be an equivalent of 9
> rules total) or sequentially (6 rules total for the same example)?  And
> how do we specify the other thing?  Ditto for combinations of rules and
> external filters (sequential vs. parallel).  Any suggestions?

I think this would be fairly intuitive:

  -ru:cap+appendDigits -ru:casetoggle

This would run the "cap" rules and the "appendDigits" rules in parallel,
and then "casetoggle" on its own.

For john.conf I'm not sure. We can already do sequential rules by
creating a new rule that uses the .include directive.

Should we support more than two rulesets in parallel? I'm not sure.

All this would also call for another thing on the wish-list: A rule
optimiser. When running rules in parallel and/or sequence it should
optimise the complete resulting rule set. In a perfect world it would
suppress duplicate rules even though they were not written the same (like
$a vs. Az'a') and also replace the latter with the former (i.e. the
slower with the faster). This could become incredibly complex but the
whole optimising thing is of course not strictly needed - we could try
to set a clever base for it and then let it become more powerful over time.
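
The parallel vs. sequential counts and the duplicate-suppression idea discussed in this message, as an added Python sketch (not part of the original post and not John the Ripper code). The toy interpreter covers only a handful of rule commands, and the ruleset contents, probe words, and the function names `parallel`, `sequential` and `optimise` are assumptions made for illustration.

```python
import itertools
import re

# Toy interpreter for a subset of John the Ripper rule commands (assumption:
# only these are needed here): ':' no-op, 'l', 'u', 'c', '$X' append char,
# '^X' prepend char, 'AzqSTRq' append string STR (q is any delimiter).
TOKEN = re.compile(r"([:luc])|\$(.)|\^(.)|Az(.)(.*?)\4", re.S)

def apply_rule(rule, word):
    pos = 0
    while pos < len(rule):
        m = TOKEN.match(rule, pos)
        if m is None:
            raise ValueError(f"unsupported rule command: {rule[pos:]!r}")
        simple, appended, prepended, _, string = m.groups()
        if simple == "l":
            word = word.lower()
        elif simple == "u":
            word = word.upper()
        elif simple == "c":
            word = word.capitalize()  # first letter upper, rest lower
        elif appended is not None:
            word += appended
        elif prepended is not None:
            word = prepended + word
        elif string is not None:
            word += string
        pos = m.end()
    return word

def parallel(a, b):
    # Every rule of a followed by every rule of b: len(a) * len(b) rules.
    return [ra + rb for ra, rb in itertools.product(a, b)]

def sequential(a, b):
    # All of a's rules, then all of b's rules: len(a) + len(b) rules.
    return a + b

PROBES = ("password", "PassWord", "x", "")  # constructed probe words

def optimise(rules, probes=PROBES):
    # Heuristic: rules with identical output on all probes are treated as
    # duplicates; keep the shortest spelling (length as a stand-in for speed).
    best = {}
    for rule in rules:
        sig = tuple(apply_rule(rule, w) for w in probes)
        if sig not in best or len(rule) < len(best[sig]):
            best[sig] = rule
    return list(best.values())

CAP = [":", "c", "u"]                   # constructed ruleset contents
APPEND_DIGITS = ["$1", "$2", 'Az"1"']   # '$1' and 'Az"1"' are equivalent
```

Comparing outputs on probe words can only show that two rules differ; treating agreement as equivalence is an approximation, so a real optimiser would need to reason about the rule commands themselves.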

