Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Mar 2011 17:58:44 +0100
From: bartavelle <bartavelle@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Automatic Rule Generation (was GSoC 2011)

On 03/03/2011 14:04, Simon wrote:
> I hope this will produce better results, but I'm not too sure right now ...

I did this, using openwall's all.gz list as base dictionnary and rockyou
as password base. I generated 51 rules to match JtR default rules.

I benched it on rootkit.com, against JtR default rules, and all.gz
dictionnary. It found 12837 passwords while default rules 11102. Then I
used my wikipedia extracted list as the base dictionnary, and it found
17231 passwords against 15404. Also, it ran a bit faster (4:24 instead
of 4:44), probably because my rules are really crude and do not try to
be smart.

I believe this is promising, especially for rules that have been
entirely generated. The next step will be to include more rules in my
set, and to improve a lot the preprocessing performance.

I would like to include all replacement rules (sxy) but this would be
way too much data to crunch given the current state of my tools.

I'm not sure this mailing list is the best forum to document this, so I
will probably switch to some blog for those who are interested.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.