Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 27 Feb 2010 14:52:18 +0100
From: "Magnum, P.I." <>
Subject: Wordlist + single

I got this idea. I haven't seen it being discussed earlier.

Currently we have these two ways (among others) of producing candidates:
- Single mode will use 'user info' but not a wordlist
- Wordlist mode will use a wordlist but the 'user info' is unavailable

How about combining that? In its simplest form, that is wordlist rules 
(or variables?) that has knowledge of the current user name (and 
possibly gecos info etc). So if I have this hash:

root:$1$somesalt$im/T9r/sZVwtKkFKFArym.:0:0:Super User::

Combining the word 'pass' from a wordlist with the user info, a rule 
could construct password candidates like rootpass, passSuper, 
SuperUserpass and so on (by the way I actually thought this example hash 
would be cracked in seconds by a default install anyway, but it doesn't).

I believe this would prove very powerful but I realize it might be 
non-trivial to implement at this point. Maybe it would be hard to 
accomplish without loosing performance? Hopefully that could be 
mitigated by having this as an optional functionality, or maybe even a 
separate new cracking mode.

Just a thought.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.