Date: Thu, 03 Mar 2011 14:04:59 +0100
From: Simon <simon@...quise.net>
To: john-users@...ts.openwall.com
Subject: Re: Automatic Rule Generation (was GSoC 2011)

On 01/03/2011 10:28, bartavelle wrote:
> This is another thing that makes my approach somehow viable for someone
> not keen on long term support : if it even outputs a not too bad ruleset
> at one point, it will be possible to use it in reliable tools, even if
> the original code rots :)

You will find attached my first results. It took me a while to have
something that could match large mangled dictionaries (14529694 words
is mine, based on a Wikipedia dump and a lot of cleaning) in the rockyou
password list in terms of execution speed and memory usage.

The following rules were tested :
':', '{', '}', 'D1', 'D2', 'D3', 'D4', 'D5', 'D6', 'D7', 'D8', 'c', 'u',
'C', 'r', 'd', 'f', 'T1', 'T2', 'T3', 'T4', 'T5', 'T6', 'T7', 'T8'

This is obviously just a PoC right now, and you will see the result is
really specific, and doesn't look too powerful. This might be caused by
bugs (most likely) or the fact that the mangling rules were too weak and
produced a result that is too targeted. There is also the problem that
my approach works with unique passwords and ignores their frequencies.

I'm computing right now for these rules, plus :
'l p', 'c d', 'c r', 'r c', 'l r c r', 'c p', 'S', 'V', 'R', 'L'

and
'/e se3', '/E sE3', '/s ss5', '/S sS5', '/a sa4', '/A sA4', '/i si1',
'/I sI1', '/o so0', '/O sO0', '/z sz2', '/Z sZ2', '/s ss$', '/S sS$'

and all pairs of the previous rules.

I hope this will produce better results, but I'm not too sure right now ...

If somebody knows of a way to test my programs for correctness with more
than really small dictionaries / password lists, I'm interested.

View attachment "first_test" of type "text/plain" (3113 bytes)
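
A slow reference interpreter for the first rule set listed in the message, of the kind that can serve as an oracle when cross-checking a faster implementation on small inputs. This is an added example, not the poster's program; the rule semantics follow John the Ripper's documented rule commands, ASCII input is assumed, and the names `apply_rule`, `RULES` and `rule_hits` are hypothetical.

```python
# Added example: reference interpreter for ':', '{', '}', D1-D8, c, u, C, r, d, f, T1-T8.
# Assumes ASCII words; positions are 0-based as in John the Ripper rules.

def apply_rule(rule, word):
    """Apply one rule command; an out-of-range position leaves the word unchanged."""
    simple = {
        ':': lambda w: w,                              # no-op
        '{': lambda w: w[1:] + w[:1],                  # rotate left
        '}': lambda w: w[-1:] + w[:-1],                # rotate right
        'c': lambda w: w[:1].upper() + w[1:].lower(),  # capitalize
        'C': lambda w: w[:1].lower() + w[1:].upper(),  # lowercase first, uppercase rest
        'u': lambda w: w.upper(),                      # uppercase
        'r': lambda w: w[::-1],                        # reverse
        'd': lambda w: w + w,                          # duplicate
        'f': lambda w: w + w[::-1],                    # reflect
    }
    if rule in simple:
        return simple[rule](word)
    if len(rule) > 1 and rule[0] in 'DT' and rule[1:].isdigit():
        n = int(rule[1:])
        if n >= len(word):
            return word
        if rule[0] == 'D':                             # delete character at position n
            return word[:n] + word[n + 1:]
        return word[:n] + word[n].swapcase() + word[n + 1:]  # toggle case at position n
    raise ValueError(f"unsupported rule: {rule!r}")

# The 25 rules from the first list in the message.
RULES = ([':', '{', '}'] + [f'D{i}' for i in range(1, 9)]
         + ['c', 'u', 'C', 'r', 'd', 'f'] + [f'T{i}' for i in range(1, 9)])

def rule_hits(words, passwords):
    """Per rule, count the unique passwords reproduced by mangling some word."""
    targets = set(passwords)  # unique passwords only, frequencies ignored
    return {rule: len({apply_rule(rule, w) for w in words} & targets)
            for rule in RULES}

if __name__ == "__main__":
    # Constructed sample data, small enough to verify by hand.
    words = ["password", "Monkey", "abc"]
    passwords = ["Password", "drowssap", "abcabc", "abccba", "PASSWORD",
                 "pASSWORD", "asswordp", "dpasswor", "pssword", "mONKEY", "nothing"]
    for rule, count in rule_hits(words, passwords).items():
        print(f"{rule:>3}  {count}")
```

Feeding the same small inputs to the optimized program and comparing the per-rule counts against this output gives a hand-checkable baseline before scaling up.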
