Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Jan 2012 10:06:47 +0100
From: Frank Dittrich <>
Subject: Re: John as a wordlist creator

On 12/31/2011 03:12 PM, Alex Sicamiotis wrote:
> I downloaded some extra rules that I merged in john.conf, and while they increased the cracking efficiency,
> a) they were very time consuming (it's to be expected)
> b) they had significant overlap due to mangled worlds appearing the same
> for example
> guesses: 2  time: 0:00:21:43 7%  c/s: 7991K  trying: Alex2194 - Alekshs2
> guesses: 2  time: 0:00:22:48 7%  c/s: 8006K  trying: Giannis2 - Giannhs2
> guesses: 2  time: 0:00:23:17 7%  c/s: 8008K  trying: Alex2521 - Alekshs2
> Alekshs2 appeared a few hundred times, and that means it has been tried a few million times :P

This is caused by the hash type being limited to password length 8, and 
the rules you used were not taking this into account.

I guess the rules appended 4 digits (possibly after capitalizing the word).

So, from the input word "giannis" or "Giannis" , the password candidate 
"Giannis2194" has been created. But later on, john did cut the password 
candidate to length 8.

Unfortunately, you didn't mention the rules you used.

To convert "Giannis" into "Giannis2194", the rule could have been

or something similar like

To avoid generating passwords that exceed the maximum password length 
for you4 hash type, you could change the rule to


Then, the password candidate generated from the  input "Giannis"would 
have been skipped, because the resulting password would be too long.

Possibly, your rule(s) appended all possible 4-digit combinations, like 


In this case, appending "<+" would be less effective, because john would 
generate 10000 password candidates, and reject all of them.

In this case, adjusting the rules to


or something similar would be better.
This rule (or, rather, these 10000 rules) reject(s) input words unless 
their length is shorter than (max. length - 1), then 2 digits are 
appended, then the result is rejected if unless the length is shorter 
than (max. length - 1), then 2 more digits are appended.

If you know you want to use these rules only for hash types with 
password length 8, you could even use


Of course, skipping rules when the resulting password candidate would 
have been too long usually only makes sense when you tried rules 
appending shorter sequences of digits first.

So, with more sophisticated rules you can reduce the risk of producing 
duplicate password candidates.
(You can not avoid duplicates, because this also depends on your input 
word list. IF you have a rule which replaces all vowels with '*', 
different input words can be converted into the same password candidate.)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.