Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 14 Aug 2015 23:07:41 +0200
From: Tonimir Kisasondi <kisasondi@...il.com>
To: john-dev@...ts.openwall.com
Subject: Metadata for wordlists

Hello everyone,

This is my first time posting here, so, hello everyone, I'm Tonimir and
i am kinda interested in password cracking and research in the same
area.  :)

I don't know if this is a right list for this discussion, but this is as
close as it gets, so sorry if i'm offtopic, you are free to ignore this
then, but you are the best/closest audience for this discussion.

So, one of the things i like are default passwords and dictionaries for
default passwords. Be it default passwords that are vendor pre-set or
backdoors that are found by researchers, but sometime you want to have a
large list, but select only passwords that are backdoors, or only those
that work on HP servers. Also, sometimes you want to "annotate"
wordlists for instance, selecting just the top 75% of the statistically
occuring elements that are used in leaked password lists. Or only words
that are "tech" related or only "french". Or do a reverse lookup: why
did the password b4dg3r5 work from the default password list on this
machine. You get the idea, the possibilities are endless, and this opens
the avenue for more interesting password cracking attacks and methods.

It's quite easy to do with something like JSON (or JSONgz), and it's
easy to extract a wordlist from the annotated format and maintain a set
of lists collaboratively via github or some other method and reduce
redundancy in all projects.

So, why am i writing this?

1) Do you think something like that is useful? What's your opinion on this?
2) Would you be interested in accepting a patch/toolchain to enable this
functionality in john? The core would be unchanged, it's only a python
script that helps you to manipulate annotated wordlists (awl)
3) Of course I'm experimenting with this functionality in python
currently, but i would love to hear your opinion on the whole matter. If
you think this is interesting, I'm more then willing to contribute the
necessary code into jumbo. 

Sincerely,
Tonimir Kisasondi



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.