Date: Wed, 8 Aug 2012 03:10:47 +0800 From: myrice <qqlddg@...il.com> To: john-dev@...ts.openwall.com Subject: Mask mode (was Password Generation on GPU) Solar - On Mon, Apr 30, 2012 at 12:32 PM, Solar Designer <solar@...nwall.com> wrote: > myrice, Samuele, magnum, all - > > 1. Enhance the formats interface by adding an optional method like: > > void set_mask(int count, int *positions, char **charsets) > > which would tell the format to substitute all possible characters from > the supplied charsets in the supplied character positions. For example, > if called with (1, , ["abcdef"]), it would for every key set with > set_key() additionally substitute every one of the six characters in > character position number 5 (zero-based). So crypt_all() would produce > 6 times more password hashes than we had candidate passwords provided > via set_key(). cmp_all() would operate on all of the actually computed > hashes. In order for the caller to know how many times to call > cmp_one(), cmp_exact(), and get_hash*() - when these are needed - > crypt_all() would be changed to return the number of hashes actually > computed. (I am considering certain other changes as well, which may > result in these interfaces being revised some further or differently, > but I am not including those other changes here to avoid confusion.) > > 2. Add a "mask mode" to JtR. (This is desirable anyway. Other crackers > have it, but JtR makes this unnecessarily difficult for users by only > providing things like the KnownForce external mode instead.) In this > mode, the user will specify a mask consisting of per character position > charsets (or just charset identifiers such as "lowercase letter"). > > Indeed, this cracking mode will make use of the set_mask() feature above > (when the current format provides it) for some of the character > positions (iterating over the rest on its own such that the program > doesn't stay inside crypt_all() forever and run out of memory for the > computed hashes, but is responsive to any-key, prints guessed > passwords, updated the pot/log/rec files, etc.) > I am changing hard coded password generation to mask mode. If I got it correct, hashcat use mask mode generated password based on mask only. >From previous discuss, JtR could apply mask on exist keys that passed from set_keys() interface. I provided void set_mask(int count, int *positions, char* masks). For example, we could use set_mask(2, [2,4], ['d', 'l']). It will replace position 2 with digits and 4 with lower case letters. 'd' indicates digits and 'l' indicates letters which borrow from hashcat and correspond to wordlist rules in JtR. But this may be overlap. If we have a wordlist file contains "password[1-9]" and we set mask to set_mask(1, , ['d']). In crypt_all, we will have "password[1-9]" multiple times. Or we just append to the keys not replace the exist character in the wordlist? Also, what if some words don't have such positions. Using set_mask(2, [2,4], ['d', 'l']) as example, if a word is 'am', it do not have position 4 and am_'l'( _ is null) do not seems like a meaningful word. I prefer to discard these invalid positions. Another way of using mask is use mask alone (or it is real mask mode?). We do not use set_keys() and only use set_masks(). For example, we could use set_mask(4, [1,2,3,4], ['d', 'd', 'd', 'd']) to produce 0000-9999 on GPU. But if the mask is too large, such as aaaaaaaa-zzzzzzzz, I am afraid of long GPU run which cause ASIC hang. I am test mask mode only in raw-md5-opencl and have not produce set_mask() interface into john. I manually set_mask in reset(). I want to make these clear before I add interface into it: overlap, only append to word and invalid positions. Thanks! myrice
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.