Date: Thu, 12 Aug 2010 09:17:40 -0400 From: Brad Tilley <brad@...ystems.com> To: john-users@...ts.openwall.com Subject: Consonant Vowel Patterns I wanted to ask if others had experimented with consonant vowel patterns in password cracking? Perhaps others know this approach by a different name? I believe the proper term is phonology (I may be wrong on that). Here is an example pattern: CVCCVC That pattern is common and found in many words. Here are some words based on it: batman badguy bigboy (catfig)ht (barfig)ht (Falcon)s bullet defcon ... That is just one common pattern, there are many others. One thing I like about these patterns is that they are cheap to compute and once computed, you have all passwords that fit that pattern. The C list is only consonants and the V list is only vowels. N is only numbers while S is only special chars. C = 30s-40s (drop chars that are seldom used z,x,j if you like) V = aeiouAEIOU N = 1234567890 S = 30s (less if you only want the commonly used chars) So any variation of batmanNN would be cracked by CVCCVCNN and it only takes 40 * 10 * 40 * 40 * 10 * 40 * 10 * 10 = 25,600,000,000: BATMAN78 Batman01 bAtMaN00 ... This is the approach I took with 16Crack in the KoreLogic contest. And again, I lost by *a large margin* as I was only averaging about 80 cracks per hour and in order to be competitive I would need to average about 800 cracks per hour. Nonetheless, it was interesting to me to see how this approach would fair against the more conventional approaches. There may be a mode somewhere in JTR that does this or something similar. I only wanted to share it with the list just in case others find it useful for some sort of attack. Obviously, it does not stand on its own and needs other approaches combined with it to be competitive and may be a bad idea altogether compared to traditional approaches. Any advice on the approach or thoughts of its general worthiness is appreciated! Brad
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.