Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 22 Feb 2010 10:36:03 -0700
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: New updated lanman.chr based on RockYou Data

On Mon, Feb 22, 2010 at 9:57 AM, Minga Minga <mingakore@...il.com> wrote:
>> Cool. Thankyou for outlining the methodology there. Does it change the
>> .chr from say just generating the lanman.chr using the john.conf tool?
>> I usually use that to generate .chr versus going through a loop to
>> crack things.
>
> As it turns out. It *does* make a difference how you generate the
> CHR file.
>
> I regenerated a test.chr using the following command (where
> john.pot.LANMAN1 is a POT file made from the rockyou passwords,
> converted to upper case, then a LM hash is created and placed
> directly into john.pot).
>
> ../john --pot=john.pot.LANMAN1 --make-charset=test.chr
>
> Using this method, I see this:
>
> ../john -i:rockyou-lanman-new -stdout | head -n 10
> ER!
> AN!
> AN"
> AD!
> AD"
> ES!
> ES"
> ER"
> ON!
> ON"
>
> which is different than my previous results. I don't really know why.
> (ER! does make a lot of sense in being first). I don't know which
> method is 'right' or more-valid. But both are logical. I don't plan
> on doing much more with this unless one method is proven to
> be incorrect.
>
>
>> Also have you figured out a good method to remove what looks like a
>> bad database dump in some parts of the rockyou or do you keep that in
>> there?
>
> I responded to Alexander about this privately, guess I should have
> CC'd the list.
> Here is what I did to clean up the list.
>
> 1) removed all email addresses (even though some are likely passwords)
>
> 2) remove all strings longer than 20 chars (even though some are likely
>    passwords).
>
> 3) removed all HTML  (such like this - sorry about the long-line)
>     <embed src="http://apps.rockyou.com/rockyou.swf?instanceid=<?=$instanceid?>"
> quality="high" etc etc
>
> 4) removed all passwords with 'high-ascii'. Some international passwords
>    might get ignored. But I did not wish to include high ascii stuff.

Thankyou again. I am hoping to get some time in a bit to try and
replicate to see how it handles against MD5 or stringed DES





-- 
Stephen J Smoogen.

Ah, but a man's reach should exceed his grasp. Or what's a heaven for?
-- Robert Browning

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.