Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 12 Nov 2010 15:41:06 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Wordlist Mangling Rule

On Mon, Nov 08, 2010 at 06:59:28PM +1300, Al Grant wrote:
> The rule was more designed around the assumption that most residential AP's
> protected with WPA etc
> Probably have a 8 character or shorter word, possibly beginning with a
> capital, and if not 8 digits then made
> To come to 8 by adding the appropriate number of digits, probably 123 etc.

This makes some sense.

> Do that make a rule any simpler to generate?

Your explanation of the rationale does not change the assumption you
wanted to encode in the rules, so the answer is no - the same rules I
had posted earlier are the ones to use to implement your assumption:

> [List.Rules:Wordlist]
> -\r[c:c] <B >7 \p[clu]
> -\r[c:c] <8 >6 \p[clu] $[0-9]
> -\r[c:c] <7 >5 \p[clu] Az"[0-9][0-9]"
> -\r[c:c] <6 >4 \p[clu] Az"[0-9][0-9][0-9]"
> -\r[c:c] <5 >3 \p[clu] Az"[0-9][0-9][0-9][0-9]"
> 
> This includes some extra complexity to deal with case-insensitive hashes
> optimally.  If you don't need that, or if you're using an older version of
> JtR that does not understand the '\r' flag, you can simplify to:
> 
> <B >7 [clu]
> <8 >6 [clu] $[0-9]
> <7 >5 [clu] Az"[0-9][0-9]"
> <6 >4 [clu] Az"[0-9][0-9][0-9]"
> <5 >3 [clu] Az"[0-9][0-9][0-9][0-9]"
> 
> There's no performance difference between these two with case-sensitive
> hashes, but the first one is up to 3x faster for case-insensitive.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.