Date: Mon, 24 Aug 2015 11:34:50 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: New single mode rules

On Mon, 24 Aug 2015 10:27:24 -0500, Frank Dittrich <frank.dittrich@...lbox.org> wrote:

> On 08/24/2015 04:55 PM, JimF wrote:
>> # this is a good rule on larger sites where a user ID may already be used,
>> # so a user simply appends numbers to create his loginID, but then uses the
>> # login name he wanted as basis for password. Just strip off digits and treat
>> # the base-word to some manipulation. These rules found from the Ashley
>> # Madison leak. Only adds about 30 tests and only to user names that have
>> # digits contained within them, and cracks quite a few.
>> /?d @?d
>
> Good rule when users are allowed to pick their own user name, but their
> favorite name has already been used by someone else.
> But I would require a min length that has to remain after removing the
> digits.

Frank, thanks for the suggestions. How about this ruleset? Note I also added : also, which if there is mixed case, it also uses the exact base in the mangling.

/?d @?d >4
/?d @?d >4 M [lc] Q
@?D Q >4
/?d M @?d >3 <* [:lc] $[0-9] Q
/?d M @?d >2 <- [:lc] Q Az"12"
/?d M @?d >1 [:lc] Q Az"123" <+
/?d @?d >2 M [:lc] Q d <+
(?a )?d /?d 'p Xpz0
)?a (?d /?a 'p Xpz0

I would like to get updates in, before committing to git again. Your suggestions about length were great, as are the 3 new rules.
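
An added example (not from this thread and not John the Ripper code): a Python check a site could run when a password is set, refusing passwords that the digit-stripping rules above would derive from the login name. It models only the `/?d @?d` purge, the `[:lc]` case choices and the `$[0-9]`, `Az"12"`, `Az"123"` suffixes with their `>N` length floors; the function names are hypothetical, and the `Q` and `<*`, `<-`, `<+` rejections are assumed away.

```python
import string

DIGITS = set(string.digits)

def case_variants(word):
    """Model of the [:lc] choices: unchanged, all-lowercase, capitalized."""
    return {word, word.lower(), word.capitalize()}

def login_derived_guesses(login):
    """Guesses derived from a login that contains digits (hypothetical helper).

    Simplified model: the Q and <*, <-, <+ rejections are not applied, so the
    result may also contain the unchanged login.
    """
    if not any(ch in DIGITS for ch in login):       # /?d : login must contain a digit
        return set()
    base = "".join(ch for ch in login if ch not in DIGITS)   # @?d : purge digits
    variants = case_variants(base)
    guesses = set()
    if len(base) > 4:                               # >4 : the bare base word
        guesses |= variants
    if len(base) > 3:                               # >3 : base + one digit, $[0-9]
        guesses |= {v + d for v in variants for d in string.digits}
    if len(base) > 2:                               # >2 : base + "12"
        guesses |= {v + "12" for v in variants}
    if len(base) > 1:                               # >1 : base + "123"
        guesses |= {v + "123" for v in variants}
    return guesses

def password_is_login_derived(login, password):
    """True if the chosen password is one of the modelled guesses."""
    return password in login_derived_guesses(login)

if __name__ == "__main__":
    # Constructed sample accounts, not taken from any leak.
    samples = [("jsmith1987", "Jsmith123"), ("bob7", "bob"), ("alice", "alice1")]
    for login, pw in samples:
        print(login, pw, password_is_login_derived(login, pw))
```

The length floors matter for false positives: with the login `bob7` the three-letter base alone is not flagged, while `bob12` and `bob123` are.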