Date: Sat, 25 Jul 2009 20:12:41 +0400
From: Solar Designer
Subject: Re: Optimized a rule, it is possible ?

On Thu, Jul 23, 2009 at 11:00:55AM +0200, websiteaccess wrote:
>  Is there a way to optimize this rule (this rule takes X 10 more cpu 
> power than basis rule) ?
> ^[ _-+*/!?&#'%^@.:=0-9]^r^e^p^u^s

You have a bug in there: you likely wanted the first dash or minus sign
(between the underscore and the plus sign) to be treated literally, but
the way you specified it results in it being treated as denoting a range
of characters, starting from the underscore (ASCII code 95) and ending
with a plus (ASCII code 43) - yes, "reversed" ranges like that are
supported.  This results in the above preprocessor expression being
expanded into 60 rules instead of just 27.  With the bug corrected:

^[ _\-+*/!?&#'%^@.:=0-9]^r^e^p^u^s

this correctly tries just 27 candidate passwords per input word.

What do you mean by it "taking x10 more CPU power", what "basis rule" do
you compare it against?  The expected "slowdown" is roughly 27x compared
to trying the input words as they are, with no rules.

>  I use this rule with ./john -format=raw-md5 -w:mydico -rules md5.txt
>  will generate for example  "super#herewordofmydico"

That's fine.  However, if you ever use this ruleset on another hash
type, supporting input passwords of up to a certain low length only,
then you could want to pass the resulting candidate passwords through
something like "./john ... --stdout=MAXLENGTH | ./unique mangled.lst"
to eliminate the duplicates that would result from the truncation.
Even better, for low maximum lengths like 7 (LM) or 8 (DES-based crypt),
you'd adjust the KnownForce mode to use one-char "sets" of 's', 'u',
'p', 'e', 'r' for the first 5 positions, then your 27 chars for the 6th
position, and then whatever charsets you like for the remaining 1 or 2
positions - the "password space" would be small enough for this.  OK,
this was beyond your question.
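
An added example, not part of the original message and not John the Ripper's own code: a small Python model of the character-class expansion discussed above, showing why the unescaped dash yields 60 characters and the escaped one 27. The names `expand_class` and `unintended`, and the collapsing of duplicates, are assumptions chosen to match the counts given in the message.

```python
# Added example: a model of the [...] class expansion described in the message.
# Assumed semantics (inferred from the message, not copied from John's source):
#   x-y is a range in either direction, \c makes c literal, duplicates collapse.

def expand_class(body):
    """Return the unique characters a [...] class body expands to, in order."""
    # Tokenise first so an escaped dash can never act as a range operator.
    tokens, i = [], 0
    while i < len(body):
        if body[i] == "\\" and i + 1 < len(body):
            tokens.append((body[i + 1], True))   # escaped: always literal
            i += 2
        else:
            tokens.append((body[i], False))
            i += 1

    out = []
    def add(ch):
        if ch not in out:
            out.append(ch)

    i = 0
    while i < len(tokens):
        start = tokens[i][0]
        # A range needs: start, an unescaped '-', and an end character.
        if i + 2 < len(tokens) and tokens[i + 1] == ("-", False):
            end = tokens[i + 2][0]
            step = 1 if ord(end) >= ord(start) else -1   # reversed ranges allowed
            for code in range(ord(start), ord(end) + step, step):
                add(chr(code))
            i += 3
        else:
            add(start)
            i += 1
    return out

# The two class bodies from the message (rule text between '[' and ']').
BUGGY = r" _-+*/!?&#'%^@.:=0-9"
FIXED = r" _\-+*/!?&#'%^@.:=0-9"

def unintended(buggy=BUGGY, fixed=FIXED):
    """Characters the buggy class tries that the corrected class does not."""
    return sorted(set(expand_class(buggy)) - set(expand_class(fixed)))

if __name__ == "__main__":
    print(len(expand_class(BUGGY)), "characters with the unescaped dash")
    print(len(expand_class(FIXED)), "characters with the dash escaped")
    print("unintended extras:", "".join(unintended()))
```

Running the same check over any class before a long session shows whether a stray dash has widened it.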
