Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 25 Feb 2011 13:00:15 +0300
From: Solar Designer <>
Subject: Re: Insert word between words

On Fri, Feb 25, 2011 at 10:19:49AM +0100, wrote:
>  As you know my wordlist is very large (64 gigas, I can't edit it and 
> repair malformed lines if exists), sometimes and I don't know why JTR 
> freeze

As I had explained to you before, JtR will appear to freeze for a while
when a rule rejects all input words (or at least a large consecutive
portion of the wordlist).  Reading those gigabytes from disk takes time.

>  Is a line of my wordlist malformed ?

No idea.  Maybe.  But this has nothing to do with the freeze (unless you
have many megabytes of malformed lines in a row).

>  With ")c" I try to check the last character is class c (a-z) and not 
> something weird

Then you should be using ")?c" (refer to class "c") rather than ")c"
(refer to the literal character "c").  Also, class "c" is not a-z, but
rather it's all consonants, both lower- and upper-case.  For a-z
(lowercase only), use ")?l".  For all letters (also uppercase), use
")?a".  All of this is in the documentation.

> to avoid freeze, but it do not works really. :(

It won't help you avoid freeze.  On the contrary, it will make JtR
reject more input words, making a possible freeze more likely.

>  an other thing : rule is  "'6 /[ ] Dp X6zz Ap,me,"
> cracked pass = "textme", "swapme", "minime", seems word+"me" and not 
> word+me+word  :-/  , it should not happens.

I think you made a wrong conclusion.  My guess is that those passwords
got cracked because you had words "text", etc. in your wordlist followed
by single space characters (and then nothing).  You probably also had
them followed by space characters and then other words, but passwords of
the form word+me+word are simply both a lot less common and a lot harder
to crack.  It is not surprising that simpler passwords get cracked first.

Overall, I think that your approach is wrong.  I would not be applying
mostly-skipping rules to a wordlist this large - you waste too much time
in disk reads by doing so.

You can in fact "edit" your large wordlist, producing several smaller
ones from it.  You can use JtR itself for such filtering.  Then use
those smaller wordlists with simpler rules that would not need to skip
anything.  For example, you can have a separate wordlist containing only
word pairs and only those where the first word is of a specific length
(if you like to apply a restriction like that).  Such a wordlist will be
a lot quicker to apply further rules to.

I hope this helps.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.