Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Aug 2010 09:09:19 -0400
From: Brad Tilley <brad@...ystems.com>
To: john-users@...ts.openwall.com
Subject: Re: Consonant Vowel Patterns

Solar Designer wrote:
> On Thu, Aug 12, 2010 at 09:17:40AM -0400, Brad Tilley wrote:
>> I wanted to ask if others had experimented with consonant vowel patterns
>> in password cracking?
> 
> I briefly played with something like this in 1995 or so, and the code
> stayed around for a few years longer (before being dropped).
> Specifically, early revisions of what became JtR's incremental mode had
> an optional builtin filter (called "wordlike") that would skip candidate
> passwords that contain too many consecutive vowels or consonants.
> It insisted on having no more than 2 consecutive consonants and no
> consecutive vowels (OK, this wouldn't work for Dutch), although these
> numbers were easy to edit in the code:
> 
>   bzero(vowels, sizeof(vowels));
>   vowels['a']++; vowels['e']++; vowels['i']++; vowels['o']++; vowels['u']++;
>   vowels['A']++; vowels['E']++; vowels['I']++; vowels['O']++; vowels['U']++;
> [...]
>         if (wordlike) {
>           *(long *) & classcount = 0;
>           for (wpos = 0; wpos < usecount; wpos++) {
>             classcount[classindex = vowels[word[wpos]]]++;
>             classcount[classindex ^ 1] = 0;
>             if (classcount[0] > 2 || classcount[1] > 1) break;
>           }
>         }
> 
> This was of some help with pre-JtR and early JtR revisions of the code.
> At the time, the sorted character lists were not per-position (there was
> just one list initially, then three lists for beginning/middle/end).
> Then per-position lists were introduced.  Then .chr files with
> per-preceding-two-characters lists were introduced (effectively storing
> info on trigraphs).  By this point, the "wordlike" filter was fully
> obsoleted, so it was eventually not included into a new revision of the
> code (written in 1997-1998, which became JtR 1.5+).
> 
> The above code snippet came from JtR 1.4 released in 1997, although
> "wordlike" was already obsolete by then (JtR 1.4 already had support for
> .chr files).  It's just that I did not drop the code separately from the
> rewrite for 1.5+.
> 
> Alexander

Thank you for the information Alexander. After testing a few mangling
patterns rather than CV patterns, I believe mangling is more efficient.

16crack found roughly 1,000 more hashes using mangling patterns than it
did when using CV patterns. Also, it did so in only 40 hours (rather
than 48) with a modestly sized dictionary. I posted a link to those
hashes for comparison.

Why did no other team post their cracked hashes? Maybe they have but I
just haven't found them. I'd like to see some others. Was it against the
rules? I've not read that we were not to post them.

Brad

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.