Date: Mon, 24 Aug 2015 11:47:34 -0500
From: JimF <jfoug@....net>
To: john-dev@...ts.openwall.com
Subject: Re: New single mode rules

On Mon, 24 Aug 2015 11:34:50 -0500, JimF <jfoug@....net> wrote:

> On Mon, 24 Aug 2015 10:27:24 -0500, Frank Dittrich
> <frank.dittrich@...lbox.org> wrote:
>
>> On 08/24/2015 04:55 PM, JimF wrote:
>>> # this is a good rule on larger sites where a user ID may already be used,
>>> # so a user simply appends numbers to create his loginID, but then uses the
>>> # login name he wanted as basis for password. Just strip off digits and treat
>>> # the base-word to some manipulation. These rules found from the Ashley
>>> # Madison leak. Only adds about 30 tests and only to user names that have
>>> # digits contained within them, and cracks quite a few.
>>> /?d @?d
>>
>> Good rule when users are allowed to pick their own user name, but their
>> favorite name has already been used by someone else.
>> But I would require a min length that has to remain after removing the
>> digits.
>
> Frank, thanks for the suggestions. How about this ruleset. Note I also
> added : also, which if there is mixed case, it also uses the exact base in
> the mangling.
>
> /?d @?d >4
> /?d @?d >4 M [lc] Q
> @?D Q >4
> /?d M @?d >3 <* [:lc] $[0-9] Q
> /?d M @?d >2 <- [:lc] Q Az"12"
> /?d M @?d >1 [:lc] Q Az"123" <+
> /?d @?d >2 M [:lc] Q d <+
> (?a )?d /?d 'p Xpz0
> )?a (?d /?a 'p Xpz0
>
> I would like to get updates in, before committing to git again. Your
> suggestions about length were great, as are the 3 new rules.

To get the ':' to not print dupes, I had to split them out. This ruleset
does what I expected the above to do.

/?d @?d >4
@?D Q >4
/?d @?d >4 M [lc] Q
/?d @?d >3 <* $[0-9] Q
/?d @?d M >3 <* [lc] Q $[0-9]
/?d @?d >3 <- Az"12" Q
/?d @?d M >3 <- [lc] Q Az"12"
/?d @?d >3 Az"123" Q <+
/?d @?d M >3 [lc] Q Az"123" <+
/?d @?d >2 d Q <+
/?d @?d >2 M [lc] Q d<+
(?a )?d /?d 'p Xpz0
)?a (?d /?a 'p Xpz0
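The defensive counterpart of the final ruleset above, as an added example that is not part of the original message or of John the Ripper: a password-policy check that rejects a new password when it is one of the login-derived candidates those rules target. It models the rules loosely and skips the `<*`, `<-` and `<+` maximum-length checks; the function names and sample accounts are assumptions made for illustration.

```python
import re

def login_derived_variants(login):
    """Return {candidate: label} for passwords derivable from a login with digits."""
    out = {}
    if not re.search(r"\d", login):      # like /?d: only logins that contain a digit
        return out
    base = re.sub(r"\d", "", login)      # like @?d: purge every digit
    digits = re.sub(r"\D", "", login)    # like @?D: purge every non-digit

    def add(word, label, min_len):
        # like >N on the stripped base: skip bases that are too short
        if len(base) > min_len:
            out.setdefault(word, label)

    forms = ((base, "base"), (base.lower(), "lowercased base"),
             (base.capitalize(), "capitalized base"))   # like [lc]
    for form, name in forms:
        add(form, name, 4)
        for d in "0123456789":
            add(form + d, name + " + one digit", 3)     # like $[0-9]
        add(form + "12", name + ' + "12"', 3)           # like Az"12"
        add(form + "123", name + ' + "123"', 3)         # like Az"123"
        add(form + form, name + " doubled", 2)          # like d
    if len(digits) > 4:
        out.setdefault(digits, "digits of the login only")
    # Last two rules: rotate the login at its first digit (or first letter).
    p = 0
    if re.fullmatch(r"[A-Za-z].*\d", login):
        p = re.search(r"\d", login).start()
    elif re.fullmatch(r"\d.*[A-Za-z]", login):
        p = re.search(r"[A-Za-z]", login).start()
    if p:
        out.setdefault(login[p:] + login[:p], "login rotated at digit/letter boundary")
    return out

def check_password(login, password):
    """Return a rejection reason, or None if the password is not login-derived."""
    label = login_derived_variants(login).get(password)
    return None if label is None else "login-derived: " + label

if __name__ == "__main__":
    # Constructed sample accounts, not taken from any leak.
    for login, pw in [("sunshine77", "Sunshine123"), ("bob42", "bob"),
                      ("john1985", "1985john"), ("alice", "alice")]:
        print(login, pw, "->", check_password(login, pw))
```

The `bob42` / `bob` pair passes the check because the stripped base is shorter than the minimum length Frank asked for, which is the same cut-off the `>4` rule applies.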