Date: Tue, 22 Mar 2011 20:25:16 +0100 From: magnum <rawsmooth@...dband.net> To: john-users@...ts.openwall.com Subject: Re: single mode On 2011-03-20 21:06, I wrote: > I feel I lack some details about single mode. Actually the best would be > if one could use --stdout together with a [small] input file, for > studying/tweaking rules. But it's not important enough to call for so > maybe I should just hack in an fprintf somewhere and study it. I did that fprintf hack so I can answer most of this myself. Here is what it looks like: 1. From the user's line in the input file, the following are taken as 'words': * The username, verbatim * All words from the GECOS field that starts with a letter and consists of alphanumeric only (anything else is scrapped) * The last part of the home directory (/usr/home/alpha becoms "alpha") 2. Even with no rules (or actually when using the ':' no-op rule), all words alone plus all possible pairs of these words (concatenated with no delimiter) are tried. Also, another similar set of pairs is tried with *first* word truncated to one character. Words: john, doe Candidates: john <- alone doe johndoe <- pairs doejohn jdoe <- truncated pairs djohn However, only the first four words are allowed as the first half of a pair. If there are five words, the fifth will only ever be the second half of a pair. This is to limit the number of combinations and this limit can be changed by altering SINGLE_WORDS_PAIR_MAX in params.h and recompiling. 3. Using rules (with "1", "2" and/or "+" in them), all the word pairs we just saw will be available to your own rules. So if you have a rule saying -p1$_2 you will have the following candidates in addition to the ones we got just from the no-op rule: john_doe doe_john j_doe d_john The SINGLE_WORDS_PAIR_MAX limit applies here too. > Would I ever need to swap 1 and 2 in rules? I mean, if I have this rule: > > -p 1 $@ 2 > > is there any reason to also have: > > -p 2 $@ 1 > > or will that be tried anyway? It will be tried anyway unless one of the words is word #5 or higher on the input line. There may be a little more to this that I haven't noticed but this is the gist of it. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.