Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 3 Feb 2012 09:05:48 +0400
From: Solar Designer <>
Subject: Re: Minimum Password Length POO

On Fri, Feb 03, 2012 at 12:58:36AM +0100, Per Thorsheim wrote:
> Sorry if I'm way out of line here, posting this to john-users:

Why, you're asking a reasonable JtR-specific question here - so your
posting is appropriate and desirable.  The Subject does not reflect it,
though. ;-)

> Using the Dumb16 and Dumb32 modes, I'm curious about keyspace
> calculations and configuration examples for john on how to do dictionary
> +"common Unicode characters" attacks. Like using the U+2665 "Black Heart
> Suit" character (Windows UTF-8 Times New Roman font, NO kb layout) to
> separate "I" from "insert name of loved one here".

This is tricky right now.  As they are, Dumb16 and Dumb32 will crack
only extremely short passwords.

As a test, I took a string of the type you describe from:

"For example, the four character string "I NY" is encoded in UTF-8 like
this (shown as hexadecimal byte values): 49 E2 99 A5 4E 59.  Of the six
units in that sequence, 49, 4E, and 59 are singletons (for I, N, and Y),
E2 is a lead unit and 99 and A5 are trail units.  The heart symbol is
represented by the combination of the lead unit and the two trail units."

(I replaced the actual heart character with a space in this e-mail since
I am not sending it in UTF-8.)

So I put this in a file:


That's four characters, six octets.  I also verified it by copy-pasting
the actual string (with the heart character) into "od -tx1" on a
terminal configured for UTF-8 - got the same sequence of octets.

Then I ran:

./john -ext=dumb16 pw-iloveny

It started running, but clearly would take too long to crack this
password - for four characters, each of which may be of multiple octets,
it's like cracking roughly a 62-bit cryptographic key when we use a dumb
approach like this.  With Dumb16, there's supposed to be 54473 different
characters currently.  BTW, a simple non-Unicode-aware DumbForce would
be quicker in this case: just 6 octets, which is more like 47 bits or so -
still very long, though.

So I added this to john.conf:

Az"NY" ^I

and ran:

$ ./john -se=1 -ext=dumb16 -stdo | ./john -se=2 -pipe -ru=I_NY pw-iloveny
Loaded 1 password hash (dummy [N/A])
I NY           (?)
guesses: 1  time: 0:00:00:00  c/s: 53125  trying: I NY - I NY

Instant crack - indeed, there was only one character to crack here, even
if a Unicode one.

Verifying it:

$ cut -f2- -d: john.pot | od -tx1
0000000 49 e2 99 a5 4e 59 0a

For practical use, I think it may make sense to generate a ruleset
inserting Unicode characters in different character positions, or
alternatively use the output of Dumb16 or Dumb32 (up to a certain number
of characters on a line - perhaps just 1 or 2) as a wordlist and
append/prepend single-octet characters and character groups with rules.
It also makes sense to combine two or three small wordlists - of which
one is the Dumb16 or Dumb32 wordlist and the rest are normal wordlists -
with Perl scripts such as, which I posted previously:

(Oops, e-mail address obfuscation corrupts the script a little bit.
Those lines should have (@w1) and (@w2) on them.)

A slightly more real attack:

Az"[A-Z][A-Z]" ^[A-Z]

$ ./john -se=1 -ext=dumb16 -stdo | ./john -se=2 -pipe -ru=A_AA pw-iloveny
Loaded 1 password hash (dummy [N/A])
I NY           (?)
guesses: 1  time: 0:00:02:35  c/s: 18929K  trying: I NY - I NY


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.