Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 19 Mar 2011 22:25:30 +0100
From: magnum <guzziraz@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Couple of questions regarding rules (preprocessor)
 and truncation

On 2011-03-19 00:17, Frank Dittrich wrote:
> Try this instead:
>
> '-M>[2-9A-Z]'\p[2-9A-Z]QAz"1234"
> or just
> '-M'[2-9A-Z]QAz"1234"
>

Yes, but even if I managed to discard all duplicates even for unsorted 
wordlists, I would still not want the preprocessor to create hundreds of 
thousands of rules that just will have *all* of its candidates 
discarded. That is hundreds of thousands of times shuffling the whole 
wordlist (which may be tens or hundreds of megabytes) from disk through 
code and then straight to the bit bucket. My point is to not *produce* 
so many candidates that is later rejected!

For example, the last rule you wrote above would take 0:35 instad of 
1:31, used with the Rockyou wordlist against 135 hashes/one salt of DES. 
(Naturally, I tested that by changing the range to [2-7]). That is some 
decent performance boost! Now replace "1234" with "[0-9][0-9][0-9][0-9]" 
and do the math.

For now, the solution is to have different sets of rules (length ranges) 
for different formats. If we could use the length constants in the 
preprocessor, this would be done automatically.

I'm afraid there's more to it though. If the constants would just be 
"translated" to the corresponding digit or letter (might be an easy 
hack), the [0-*] would work for LM and DES but not MD5 (that would mean 
[0-F] which includes invalid characters). But if it was written [0-9A-*] 
it would not work for LM and DES (translates to eg. [0-9A-8], invalid).

So maybe [0-*] must be a special case just for this.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.