Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 19 Oct 2006 01:18:40 +0400
From: Solar Designer <>
Subject: Re: John, word list question

Brian -

On Wed, Oct 18, 2006 at 03:28:02PM -0400, Brian Cuttler wrote:
> > > 1 AAD
> > > 1 AADEL
> > > 1 AADLAND
> Just for reference, I find the odd entries in a file named "names.hp.gz"

Indeed.  I told you that filename a few messages back. ;-)

> I combined our "good" files with the "all" file,

I don't think you needed to do that.

> ASSurnames.gz           actor-surname.gz        male-names.gz
> Acr-diagnosis.gz        asteroids.Z             movie-characters.gz
> World.factbook.Z        kjbible.Z
> actor-givenname.gz      male-names-kantr.gz

All of the above files and many more have been considered for the
Openwall collection and either merged (in some form) or rejected.
I've just checked - I have a total of 1,335 input wordlist files that
were considered for the collection.  (Most were duplicates with only
minor file format conversions, etc.  Many were poor quality.)

I don't expect that you will get (m)any more passwords cracked with your
expanded wordlist than you would with plain all.lst.

More importantly, you need to pick the new revision of password.lst from
JtR 1.7+ - it has quite some very common passwords added compared to the
revision from JtR 1.6 (that went into all.lst in the currently available
revision of the Openwall collection).  You'll need to merge that new
password.lst with the all.lst file that you've downloaded (place the
password.lst entries first).  Alternatively, you can pick the new
revision of all.lst from JtR Pro - it already has the new password.lst
in it (and more).

Yes, it's high time I put out a new revision of the Openwall wordlists
collection with the new password.lst merged and with many more pending

Alexander Peslyak <solar at>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15 - bringing security into open computing environments

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.