Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4E3FB72C.1080201@bredband.net>
Date: Mon, 08 Aug 2011 12:15:08 +0200
From: magnum <rawsmooth@...dband.net>
To: john-users@...ts.openwall.com
Subject: Unicode DumbForce

I just uploaded 
"0004-Dumb16-UCS-2-and-Dumb32-Unicode-external-modes-added.patch" to the 
wiki, that adds two external modes to john.conf:

* Dumb16 tries all allocated codepoints in the UCS-2 part of Unicode 6.0 
(there are 15801 of them) and outputs them as UTF-8.

* Dumb32 tries all allocated codepoints in Unicode 6.0 (there are 23296 
of them) and outputs them as UTF-8. Note that our current NT and mscash1 
formats only supports UCS-2 so using Dumb32 against them is just a waste.

For Unicode formats (like NT), use with -enc=utf8 (or just -utf8 for 
John versions from 1.7.7 Jumbo-5 and prior to 1.7.8 Jumbo-5). For 8-bit 
formats (hashes actually made from UTF-8) you don't need such options 
and in this case you can use these modes with much older versions of JtR.

These are meant for narrowing in on a codepage for Unicode hashes, or 
for experimenting/debugging or just understanding how mindbogglingly 
huge the Unicode space is when brute forcing: For example, using Dumb16 
we can exhaust 3 characters for NT in a couple of weeks, but a 4th 
character would take 500 years. Using Dumb32 it would be thousands of 
years. The external engine becomes a bottleneck when attacking very fast 
hashes, NT speed (using -enc=utf8) decreases from ~21000K to just ~3500K 
for me when running dumb16.

But if you're lucky you'll crack a very short password and this might 
help in choosing wordlists and encodings for further, non-dumb cracking. 
Another option, of course, is to comment out parts of the character 
definitions for attacking a certain part of the space.

The mode definitions are long. Like already discussed, we need some sort 
of #include for john.conf.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.