Date: Sat, 19 Mar 2011 22:25:30 +0100 From: magnum <guzziraz@...il.com> To: john-users@...ts.openwall.com Subject: Re: Couple of questions regarding rules (preprocessor) and truncation On 2011-03-19 00:17, Frank Dittrich wrote: > Try this instead: > > '-M>[2-9A-Z]'\p[2-9A-Z]QAz"1234" > or just > '-M'[2-9A-Z]QAz"1234" > Yes, but even if I managed to discard all duplicates even for unsorted wordlists, I would still not want the preprocessor to create hundreds of thousands of rules that just will have *all* of its candidates discarded. That is hundreds of thousands of times shuffling the whole wordlist (which may be tens or hundreds of megabytes) from disk through code and then straight to the bit bucket. My point is to not *produce* so many candidates that is later rejected! For example, the last rule you wrote above would take 0:35 instad of 1:31, used with the Rockyou wordlist against 135 hashes/one salt of DES. (Naturally, I tested that by changing the range to [2-7]). That is some decent performance boost! Now replace "1234" with "[0-9][0-9][0-9][0-9]" and do the math. For now, the solution is to have different sets of rules (length ranges) for different formats. If we could use the length constants in the preprocessor, this would be done automatically. I'm afraid there's more to it though. If the constants would just be "translated" to the corresponding digit or letter (might be an easy hack), the [0-*] would work for LM and DES but not MD5 (that would mean [0-F] which includes invalid characters). But if it was written [0-9A-*] it would not work for LM and DES (translates to eg. [0-9A-8], invalid). So maybe [0-*] must be a special case just for this. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.