Date: Mon, 18 Feb 2008 07:33:40 +0000
From: Andy Stevens <insomniacpenguin@...glemail.com>
To: john-users@...ts.openwall.com
Subject: case insensitivity, rules & charsets

Hi,

I'm processing a set of SHA hashes for passwords that are
case-insensitive (our app that uses them converts to lower case before
doing the authentication check; we need to recover them so we can 
migrate to a database-based authentication mechanism that uses a 
different hash method).  I can easily enough convert the "all"
wordlist to lower case, and strip out any duplicates this produces, but
I figured to speed things up I should also disable any of the rules that
would attempt variations using upper case characters.  Unfortunately,
I'm finding the rule syntax a bit cryptic, so figuring out which ones to
disable is a bit slow going...

I had thought at first that this wouldn't be needed, as the RULES file
says the -c flag will "reject this rule unless current hash type is
case-sensitive".  However, in my case the hash type itself isn't
inherently case-sensitive, it's just the application that makes it that
way, so the flag won't make any difference.  Is there an equivalent to
the default [List.Rules:Wordlist] listed anywhere, that omits the
case-sensitive entries?  Or would that just be the same as removing the 
-c lines from the list?

Next I looked into the incremental mode's charsets.  all.chr includes
both upper & lower case, so would obviously be checking a lot of
unnecessary candidates.  I see in the docs that alpha.chr would try 
'from "a" to "zzzzzzzz"' and since the CharCount is 26 I assume that it 
contains only lower case.  alnum.chr has a CharCount of 36, but I don't 
see anything that definitively states if that's using lower or upper 
case letters.  In either case I thought of adding the remaining 
printable characters with Extra, but the docs say these are treated as 
"least probable" and I suspect many of them (e.g. those on 
shifted-number keys) may occur more often than that.  I could create my 
own custom one, but it appears the .chr contains more than just the 
letters themselves (I assume that's where the "frequencies of different 
trigraphs" mentioned in the FAQ are stored?)  And currently I don't have 
a good sample set of passwords, until JtR finds them for me...

I read in the docs that the LanMan charset is like all.chr but
case-insensitive so, presumably, has the 95 printable characters minus
26 for the upper/lower duplicates (the CharCount backs this up).  It 
seems to me this is likely to contain better frequency information than 
using Extra on one of the others, but unless I'm mistaken it's the upper 
case letters that appear in it.  Is there any way to convert this 
character set to an equivalent .chr that uses lower case instead?

Lastly, I know one of the hashes corresponds to a word in the wordlist 
with two numeric digits appended, but a trial run didn't find that so I 
assume there's no rule for this in the default list.  Also I was 
wondering about substitutions like "swap i for 1, o for 0, A for 4, S 
for $, etc."? (there might be, but I've not yet figured the rules out 
well enough to tell.)  So I was wondering if there are any well-known 
resources for common extra rules to try, things that have proved useful 
to others?

Thanks in advance,


Andy.
-- 
http://pseudoq.sourceforge.net/  Open source java Sudoku application
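The questions above about the `-c` flag and about which rule variations are wasted against a case-insensitive hash are easiest to see with a toy interpreter for a small subset of John the Ripper's wordlist-rule syntax. The following is an added example written for this page, not code from JtR or from the poster; it implements only the commands listed in its docstring (the real rule language is far larger, and the character-class syntax such as `$[0-9]` is not covered), the wordlist and rule set are constructed here, and the cross-rule duplicate suppression is a simplification of what `john` does. It shows why, once candidates are folded to lower case, every rule tagged `-c` and every pure case-toggling rule produces nothing new.

```python
"""Toy subset of John the Ripper wordlist rules (added illustration).

Implemented commands (assumed to mirror JtR semantics for this subset):
  :      no-op             l    lowercase        u    uppercase
  c      capitalize        t    toggle case      r    reverse
  d      duplicate         $X   append X         ^X   prepend X
  sXY    replace every X with Y
  -c     flag: reject this rule unless the hash type is case-sensitive
Whitespace between commands is skipped.  Anything else raises ValueError.
"""
from typing import Iterable, List, Optional


def apply_rule(rule: str, word: str, case_sensitive: bool = True) -> Optional[str]:
    """Return the candidate `rule` derives from `word`, or None if rejected."""
    w = word
    i = 0
    while i < len(rule):
        cmd = rule[i]
        if cmd == " ":
            i += 1
            continue
        if cmd == "-":                       # rule flag, e.g. "-c"
            if i + 1 >= len(rule) or rule[i + 1] != "c":
                raise ValueError(f"unsupported flag in rule {rule!r}")
            if not case_sensitive:           # JtR: reject unless hash is case-sensitive
                return None
            i += 2
            continue
        if cmd == ":":
            pass
        elif cmd == "l":
            w = w.lower()
        elif cmd == "u":
            w = w.upper()
        elif cmd == "c":                     # first char upper, rest lower
            w = w[:1].upper() + w[1:].lower()
        elif cmd == "t":
            w = w.swapcase()
        elif cmd == "r":
            w = w[::-1]
        elif cmd == "d":
            w = w + w
        elif cmd in "$^s":
            need = 2 if cmd == "s" else 1
            if i + need >= len(rule):
                raise ValueError(f"truncated command {cmd!r} in rule {rule!r}")
            if cmd == "$":
                w = w + rule[i + 1]
            elif cmd == "^":
                w = rule[i + 1] + w
            else:
                w = w.replace(rule[i + 1], rule[i + 2])
            i += need
        else:
            raise ValueError(f"unsupported command {cmd!r} in rule {rule!r}")
        i += 1
    return w


def candidates(words: Iterable[str], rules: Iterable[str],
               case_sensitive: bool = True, fold_case: bool = False) -> List[str]:
    """Unique candidates in generation order.

    fold_case=True models a target that lower-cases input before hashing:
    every candidate is folded, so case-only variants collapse into duplicates.
    """
    seen = set()
    out: List[str] = []
    words = list(words)
    for rule in rules:
        for word in words:
            cand = apply_rule(rule, word, case_sensitive)
            if cand is None:
                continue
            if fold_case:
                cand = cand.lower()
            if cand not in seen:
                seen.add(cand)
                out.append(cand)
    return out


# Constructed sample input (not from any real wordlist or ruleset).
WORDS = ["password", "Sudoku", "Andy"]
RULES = [
    ":",        # word as-is
    "l",        # lowercase
    "-c c",     # capitalize; only useful when the hash is case-sensitive
    "-c u",     # uppercase
    "-c t",     # toggle case
    "l $1",     # lowercase, then append "1"
    "l sa4",    # lowercase, then replace every "a" with "4"
]

if __name__ == "__main__":
    full = candidates(WORDS, RULES, case_sensitive=True)
    folded = candidates(WORDS, RULES, case_sensitive=False, fold_case=True)
    print(f"case-sensitive target:   {len(full)} unique candidates")
    print(f"case-insensitive target: {len(folded)} unique candidates")
    print("\n".join(folded))
```

With the constructed input the case-sensitive run yields 16 distinct candidates and the folded run 8: the three `-c` rules are rejected outright and the plain `l` rule only repeats what `:` already produced once everything is lower case. The same comparison, run over a real wordlist and rule set, is a quick way to measure how much of a ruleset is dead weight for a target that lower-cases before hashing.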
