Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Mar 2011 20:25:16 +0100
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Re: single mode

On 2011-03-20 21:06, I wrote:
> I feel I lack some details about single mode. Actually the best would be
> if one could use --stdout together with a [small] input file, for
> studying/tweaking rules. But it's not important enough to call for so
> maybe I should just hack in an fprintf somewhere and study it.

I did that fprintf hack so I can answer most of this myself. Here is 
what it looks like:

1. From the user's line in the input file, the following are taken as 
'words':

* The username, verbatim
* All words from the GECOS field that starts with a letter and consists 
of alphanumeric only (anything else is scrapped)
* The last part of the home directory (/usr/home/alpha becoms "alpha")

2. Even with no rules (or actually when using the ':' no-op rule), all 
words alone plus all possible pairs of these words (concatenated with no 
delimiter) are tried. Also, another similar set of pairs is tried with 
*first* word truncated to one character.

Words: john, doe
Candidates:
   john      <- alone
   doe
   johndoe   <- pairs
   doejohn
   jdoe      <- truncated pairs
   djohn

However, only the first four words are allowed as the first half of a 
pair. If there are five words, the fifth will only ever be the second 
half of a pair. This is to limit the number of combinations and this 
limit can be changed by altering SINGLE_WORDS_PAIR_MAX in params.h and 
recompiling.

3. Using rules (with "1", "2" and/or "+" in them), all the word pairs we 
just saw will be available to your own rules. So if you have a rule saying

   -p1$_2

you will have the following candidates in addition to the ones we got 
just from the no-op rule:

   john_doe
   doe_john
   j_doe
   d_john

The SINGLE_WORDS_PAIR_MAX limit applies here too.


> Would I ever need to swap 1 and 2 in  rules? I mean, if I have this rule:
>
> -p 1 $@ 2
>
> is there any reason to also have:
>
> -p 2 $@ 1
>
> or will that be tried anyway?

It will be tried anyway unless one of the words is word #5 or higher on 
the input line.

There may be a little more to this that I haven't noticed but this is 
the gist of it.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.