Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 24 Aug 2015 17:27:24 +0200
From: Frank Dittrich <>
Subject: Re: New single mode rules

On 08/24/2015 04:55 PM, JimF wrote:
> # this is a good rule on larger sites where a user ID may already be used,
> # so a user simply appends numbers to create his loginID, but then uses the
> # login name he wanted as basis for password. Just strip off digits and
> treat
> # the base-word to some manipulation. These rules found from the Asley
> # Madison leak.  Only adds about 30 tests and only to user names that have
> # digits contained within them, and cracks quite a few.
> /?d @?d

Good rule when users are allowed to pick their own user name, but their
favorite name has already been used by someone else.
But I would require a min length that has to remain after removing the

> /?d @?d M [lc] Q

Similar here, require min length.

> /?d M @?d [lc] $[0-9] Q

These are 20 different rules!
With a large list of users and a slow hash format, I would definitely
try this one first:

@?D Q >4

And I would make adjust your rules to
/?d @?d >3 <* $[0-9] Q
/?d @?d >3 M [lc] Q <* $[0-9]

> /?d M @?d [lc] Q Az"12"

/?d @?d [lc] <- Az"12" Q

> /?d M @?d [lc] Q Az"123"

/?d @?d [lc] Az"123" <+ Q

We should also add a rule which checks whether a word (user name) starts
with a letter, ends with a digit, and switches digits and letters.
E.g., transform michael6789 into 6789michael.

Not sure if this is good enough:

(?a )?d /?d 'p Xpz0

$ cat test

$ ./john --wordlist=test --rules=test --stdout


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.