Date: Sat, 27 Nov 2010 16:47:54 -0500
From: Brad Tilley <>
Subject: Re: Cracking a known password shape

On 11/26/2010 08:24 PM, Solar Designer wrote:
> Brad,
> On Tue, Nov 16, 2010 at 09:37:20PM -0500, Brad Tilley wrote:
>> You can code an "enumeration program" to produce all possibilities of
>> those sets writing every possibility to stdout. I placed an example with
>> a test password file here:
>> Next, use your enumeration program with JTR's --stdin feature:
>> ./enumerate | john --stdin passwords.txt
>> I tested this on a Debian Linux 5 machine and my test case did indeed
>> find the password so I'm sure this works, but it may be less efficient
>> than Alexander's method.
>> Alexander, please correct me where I'm wrong.
> You're correct, but I am puzzled as to why you would prefer to write a
> separate program such as your eric.cpp (2 KB, 85 lines, requires a C++
> compiler) as opposed to using JtR's external mode.  

To demonstrate how to think about the problem. It's easy to understand
the problem when you look at a simple example. A working example is even

Eric knew 4 of the 8 characters (or thereabout) so the example showed
explicitly how to fully iterate the parts he didn't know while doing a
limited iteration over the ones he did know or almost knew. I think that
is significant.

You could do it in C just as easily if you dislike C++ (or whatever
language you work best with).

> The KnownEric mode I
> had posted is 1.8 KB source, 82 lines, and it does not require anything
> except for JtR itself.  Only 29 lines (in the init() function) are
> specific to Eric's requirements; the rest is unmodified KnownForce code.
> (Both have some comments in the source code, which I included in the
> sizes and line counts.)
> Maybe your eric.cpp is easier for a non-programmer to modify.  (I think
> this should be better addressed by including a "mask mode" into JtR.)

Perhaps. My example is simple and it works and presents the problem in a
basic, easy to understand way (I think). Although it only works on 8
character passwords. Users need to understand that a 9th char would
require another loop or a 7 char password would remove a loop. I take
that for granted, I assume others would know to do that, but have
assumed wrong in the past.

> JtR's KnownForce mode variations support interrupt and recovery (this
> actually costs 15 lines of code in the mode definition itself, which you
> have no equivalent of).  This is not trivial to implement with two
> programs where your external program does not know how many of the
> passwords that it has output might not be fully processed yet (there are
> several buffers involved).  (There's a way around this, though.)
> As to speed, neither is the fastest way to do it, but JtR's external
> mode should be faster than having candidate passwords travel between
> programs through the operating system.  Either is fast enough when the
> target hash or cipher is slow (such as with your test run).  In this
> case, any overhead is negligible anyway.
> That said, I appreciate you posting this.  Thanks!

You are welcome.


> Alexander
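
An added example, not part of the original message and not the eric.cpp or KnownEric code discussed above: a known-shape enumerator in which the positions are data rather than nested loops, so a 7- or 9-character shape needs no code change, and every candidate has an index that can serve as a restart point. The names Shape, keyspace, candidate_at and enumerate are hypothetical, and the sample shape is constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <string>
#include <vector>

// One string of allowed characters per password position (the "shape").
// Adding or removing a position changes the data, not the number of loops.
using Shape = std::vector<std::string>;

// Number of candidates: the product of the per-position set sizes.
std::uint64_t keyspace(const Shape& shape) {
    std::uint64_t n = 1;
    for (const auto& set : shape) n *= set.size();
    return n;
}

// Candidate number `index` (0-based, last position varies fastest), found by
// reading the index as a mixed-radix number with one digit per position.
// Requires index < keyspace(shape), which also rules out empty sets.
std::string candidate_at(const Shape& shape, std::uint64_t index) {
    std::string out(shape.size(), '\0');
    for (std::size_t i = shape.size(); i-- > 0;) {
        out[i] = shape[i][index % shape[i].size()];
        index /= shape[i].size();
    }
    return out;
}

// Write candidates start .. keyspace-1, one per line; returns how many were
// written. A non-zero start resumes an interrupted run.
std::uint64_t enumerate(const Shape& shape, std::uint64_t start, std::ostream& os) {
    const std::uint64_t total = keyspace(shape);
    std::uint64_t written = 0;
    for (std::uint64_t i = start; i < total; ++i, ++written)
        os << candidate_at(shape, i) << '\n';
    return written;
}

int main(int argc, char** argv) {
    // Constructed sample shape (not Eric's): two "almost known" positions with
    // two options each, two known characters, two unknown digits.
    const Shape shape = {"Pp", "a@", "s", "s", "0123456789", "0123456789"};
    const std::uint64_t start = argc > 1 ? std::stoull(argv[1]) : 0;
    enumerate(shape, start, std::cout);
    return 0;
}
```

The output is piped to john --stdin exactly as in the command quoted above. Since the enumerator cannot tell how many buffered candidates were actually processed, restarting from an index earlier than the last one seen only costs some repeated work.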
