Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 19 Apr 2009 06:30:43 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New john.conf rules (Part 1 of 9999)

First of all, thank you for posting this and for linking to it from the
wiki.  Maybe this will encourage others to contribute as well.

On Fri, Mar 27, 2009 at 12:52:16PM -0500, Minga Minga wrote:
> I'm sure there are already john.conf rules that tackle some of these - but
> having specific rules really helped me to crack as many passwords as
> possible. Im also "new" at writing john.conf - so Im sure some of them
> aren't done the "best' way and could be minimized. But I like having them in
> a readable and easier to understand format.

Understood, yet I'll point out how some of these can be written in what
I think is a more readable and easier to understand way.

> Ill try to post more and more rules each week.

Well, it's been three weeks already... ;-)

> # KoreLogic - prepends 2008 (and variations) to the beginning of each word.
> # This cracks passwords such as 2008Sep! 2008Sep$ 2008Sep* 2008Sep. 2008Sept
> i[0][2]i[1][0]i[2][0]i[3][0123456789]

This can be written as:

i02i10i20i3[0123456789]

I don't see how the extra square brackets make it more readable.

It can also be changed to:

^[0123456789]^0^0^2

This will produce the same set of candidate passwords, but their order
will be different (not necessarily better or worse - just different).

> # KoreLogic - Capitalize pure alphabetic words and PREPENDS 2000,2001 up to
> 2009
> # This is ONLY really useful if your dictionary is all lower case - and you
> KNOW your users
> # capitalize the first character of their passwords (That part stolen from
> other lines in john.conf)

Somehow when you post to this list, you first write lengthy lines -
wrapped at around 100 chars - but then they get wrapped for a second
time at under 80 chars.  You could want to fix this on your end -
I suggest that you wrap them just once, at around 72 chars (good for
quoting and display on 80 character wide terminals).

> -c <*>2!?Aci[0][2]i[1][0]i[2][0]i[3][0123456789]

Similarly to the above, this can be simplified to:

-c <*>2!?Ac^[0123456789]^0^0^2

> # Many people prepend passwords with ABC, abc, abcd, etc. This prepends
> those strings to your dictionary
> # Good for  Abc123$$ Abc12309 abc12333 aBCd12345
> i[0][aA]i[1][bB]i[2][cC]
> i[0][aA]i[1][bB]i[2][cC]i[3][dD]

This can be simplified to:

i0[aA]i1[bB]i2[cC]
i0[aA]i1[bB]i2[cC]i3[dD]

or even to:

^[cC]^[bB]^[aA]
^[dD]^[cC]^[bB]^[aA]

Which of these are more readable is debatable.

Thanks again,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.