Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 19 Feb 2010 13:04:08 -0600
From: Minga Minga <mingakore@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: New updated lanman.chr based on RockYou Data

> That cutting in step 2 and 3 is a clever idea as far as I can tell. But
> shouldn't step 4 be omitted?

Step 4 took into consideration that some passwords are longer than 14 chars,
and even though LANMAN doesn't support it - we could still use these
characters for part of the analysis. You are correct though, I just chose
to get as much data out of the set as possible. I doubt it affected the
CHR file that much. The amount of passwords generated by step #4
is pretty small in comparison.

> Step 5 & 6 is not needed, you could just as well run the dict through s/^/:/
> to a fake .pot file. That's quite a bit faster :)

Yeah. I think that's what I actually did. But I did step 5 and 6 for the first
time I tested it, to make sure everything was generated correctly.
Better safe than sorry.

ALSO:
Step 3 and 4 will also generate lots of '' strings (blanks). These are
ignored during the CHR generation process so it didn't matter.
But you could easily add a     egrep -v ^$  in there to get rid of them.

The steps mentioned were more of a "rough idea" of how I did it.
Not a copy/paste of the actual command lines.

-Minga/Rick Redman
KoreLogic

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.