Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 19 Mar 2011 22:25:30 +0100
From: magnum <>
Subject: Re: Couple of questions regarding rules (preprocessor)
 and truncation

On 2011-03-19 00:17, Frank Dittrich wrote:
> Try this instead:
> '-M>[2-9A-Z]'\p[2-9A-Z]QAz"1234"
> or just
> '-M'[2-9A-Z]QAz"1234"

Yes, but even if I managed to discard all duplicates even for unsorted 
wordlists, I would still not want the preprocessor to create hundreds of 
thousands of rules that just will have *all* of its candidates 
discarded. That is hundreds of thousands of times shuffling the whole 
wordlist (which may be tens or hundreds of megabytes) from disk through 
code and then straight to the bit bucket. My point is to not *produce* 
so many candidates that is later rejected!

For example, the last rule you wrote above would take 0:35 instad of 
1:31, used with the Rockyou wordlist against 135 hashes/one salt of DES. 
(Naturally, I tested that by changing the range to [2-7]). That is some 
decent performance boost! Now replace "1234" with "[0-9][0-9][0-9][0-9]" 
and do the math.

For now, the solution is to have different sets of rules (length ranges) 
for different formats. If we could use the length constants in the 
preprocessor, this would be done automatically.

I'm afraid there's more to it though. If the constants would just be 
"translated" to the corresponding digit or letter (might be an easy 
hack), the [0-*] would work for LM and DES but not MD5 (that would mean 
[0-F] which includes invalid characters). But if it was written [0-9A-*] 
it would not work for LM and DES (translates to eg. [0-9A-8], invalid).

So maybe [0-*] must be a special case just for this.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.