Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 20 Mar 2011 04:43:58 +0300
From: Solar Designer <>
Subject: Re: Couple of questions regarding rules (preprocessor) and truncation

On Fri, Mar 18, 2011 at 08:46:55PM +0100, magnum wrote:
> Here's a cut down version of a rule line I experiment with:
> [List.Rules:T1]
> >[2-9A-Z] '\p[2-9A-Z] A[0z]"1234"

BTW, you can simplify this to:

>[2-9A-Z] '\0 A[0z]"1234"

(no runtime difference, just shorter to type).

> I do want this rule to go to Z for formats that supports that length. 
> But what I would prefer, and actually did try first, is this:
> >[2-*] '\p[2-*] A[0z]"1234"
> This would produce a lot less *rules* when running against 
> length-impaired formats like DES or LM and many other formats too. Could 
> this be made allowed? Or is it already, using some escape I did not try?

No, this is not currently supported.

> I understand the preprocessor can't know about variables but *, + and - 
> are constants and should be known at pp time, right?

This could be implemented, but so far the preprocessor has been entirely
separate from the rule engine and I like it that way.

On my to do list, I have this item: "new reject flag: unless passwords
of length N or longer are supported".  This would let you do what you
wanted by using the new rule reject flag along with the preprocessor's
backreferences.  The syntax could be something like:

->[2-9A-Z] >\0 '\0 A[0z]"1234"

Should I treat your posting as a vote for that new rule reject flag
getting implemented sooner rather than later?

> Anyway, accepting the situation and just trying to mitigate some of the 
> duplicates, I split the example line into two:
> [List.Rules:T2]
> >[2-9A-Z] '\p[2-9A-Z] A0"1234"
> >[2-9A-Z] '\p[2-9A-Z] Az"1234"
> That worked fine, 12 duplicates was muted. Lowering it to 7 works too, 
> or raising it. But why are dupes not muted if I go below 7?
> user@box:~$ ./john -wo:wordlist -stdout=6 -ru:T2
> 1234lo
> 1234lo
> longca
> longca
> words: 21  time: 0:00:00:00 100.00% (ETA: Fri Mar 18 19:01:26 2011) 
> w/s: 1050  current: longca

There was a bug in the code.  I've attached the fix.  Unfortunately,
this fix has performance impact (it's an extra check to perform).

With this patch applied, or with a 32-bit build of John, I am getting:

words: 6  time: 0:00:00:00 100%  w/s: 600  current: longca

> Last, a related question: can I expect DES to behave just like 
> --stdout=8 (and LM just like --stdout=7) when it comes to muting 
> duplicates? I mean, is it the very same parts of John that does it, 
> stdout or not?




View attachment "john-1.7.6-rules-dupe-check-fix.diff" of type "text/plain" (387 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.