Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 24 Aug 2015 09:55:09 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: New single mode rules

I have added this new block to the single rules. I put it pretty high in  
the
list. It seems to catch quite a few for a larger set of users, where a user
wants a signin id, but it is not available. There are a lot of users that
keep that id, but append numbers to get something unique, but then base
their password on the signin id they 'really' wanted to use.  This rule set
is now checked into the bleeding-jumbo git repo.

Example would be something like:

eddie121967  with password eddie123   (fabricated, but I've seen many like  
this)

# this is a good rule on larger sites where a user ID may already be used,
# so a user simply appends numbers to create his loginID, but then uses the
# login name he wanted as basis for password. Just strip off digits and  
treat
# the base-word to some manipulation. These rules found from the Asley
# Madison leak.  Only adds about 30 tests and only to user names that have
# digits contained within them, and cracks quite a few.
/?d @?d
/?d @?d M [lc] Q
/?d M @?d [lc] $[0-9] Q
/?d M @?d [lc] Q Az"12"
/?d M @?d [lc] Q Az"123"
/?d @?d [lc] d


I have not posted this to john-users (yet), because I wanted others to look
things over a bit, just to make sure, or if there is a way to do the same
thing faster or with fewer rules.  I have run unique on full resultant
output, and it does not create any dupes from existing single rules, but
there frequently are a couple of dupes for user id's ending in digits.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.