Date: Fri, 19 Feb 2010 13:04:08 -0600
From: Minga Minga <mingakore@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: New updated lanman.chr based on RockYou Data

> That cutting in step 2 and 3 is a clever idea as far as I can tell. But
> shouldn't step 4 be omitted?

Step 4 took into consideration that some passwords are longer than 14 chars, and even though LANMAN doesn't support it - we could still use these characters for part of the analysis. You are correct though, I just chose to get as much data out of the set as possible. I doubt it affected the CHR file that much. The amount of passwords generated by step #4 is pretty small in comparison.

> Step 5 & 6 is not needed, you could just as well run the dict through s/^/:/
> to a fake .pot file. That's quite a bit faster :)

Yeah. I think that's what I actually did. But I did step 5 and 6 for the first time I tested it, to make sure everything was generated correctly. Better safe than sorry.

ALSO: Step 3 and 4 will also generate lots of '' strings (blanks). These are ignored during the CHR generation process so it didn't matter. But you could easily add an egrep -v ^$ in there to get rid of them.

The steps mentioned were more of a "rough idea" of how I did it. Not a copy/paste of the actual command lines.

-Minga/Rick Redman
KoreLogic