Date: Fri, 3 Feb 2012 09:05:48 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Minimum Password Length POO On Fri, Feb 03, 2012 at 12:58:36AM +0100, Per Thorsheim wrote: > Sorry if I'm way out of line here, posting this to john-users: Why, you're asking a reasonable JtR-specific question here - so your posting is appropriate and desirable. The Subject does not reflect it, though. ;-) > Using the Dumb16 and Dumb32 modes, I'm curious about keyspace > calculations and configuration examples for john on how to do dictionary > +"common Unicode characters" attacks. Like using the U+2665 "Black Heart > Suit" character (Windows UTF-8 Times New Roman font, NO kb layout) to > separate "I" from "insert name of loved one here". This is tricky right now. As they are, Dumb16 and Dumb32 will crack only extremely short passwords. As a test, I took a string of the type you describe from: http://en.wikipedia.org/wiki/Variable-width_encoding "For example, the four character string "I NY" is encoded in UTF-8 like this (shown as hexadecimal byte values): 49 E2 99 A5 4E 59. Of the six units in that sequence, 49, 4E, and 59 are singletons (for I, N, and Y), E2 is a lead unit and 99 and A5 are trail units. The heart symbol is represented by the combination of the lead unit and the two trail units." (I replaced the actual heart character with a space in this e-mail since I am not sending it in UTF-8.) So I put this in a file: $dummy$49e299a54e59 That's four characters, six octets. I also verified it by copy-pasting the actual string (with the heart character) into "od -tx1" on a terminal configured for UTF-8 - got the same sequence of octets. Then I ran: ./john -ext=dumb16 pw-iloveny It started running, but clearly would take too long to crack this password - for four characters, each of which may be of multiple octets, it's like cracking roughly a 62-bit cryptographic key when we use a dumb approach like this. With Dumb16, there's supposed to be 54473 different characters currently. BTW, a simple non-Unicode-aware DumbForce would be quicker in this case: just 6 octets, which is more like 47 bits or so - still very long, though. So I added this to john.conf: [List.Rules:I_NY] Az"NY" ^I and ran: $ ./john -se=1 -ext=dumb16 -stdo | ./john -se=2 -pipe -ru=I_NY pw-iloveny Loaded 1 password hash (dummy [N/A]) I NY (?) guesses: 1 time: 0:00:00:00 c/s: 53125 trying: I NY - I NY Instant crack - indeed, there was only one character to crack here, even if a Unicode one. Verifying it: $ cut -f2- -d: john.pot | od -tx1 0000000 49 e2 99 a5 4e 59 0a For practical use, I think it may make sense to generate a ruleset inserting Unicode characters in different character positions, or alternatively use the output of Dumb16 or Dumb32 (up to a certain number of characters on a line - perhaps just 1 or 2) as a wordlist and append/prepend single-octet characters and character groups with rules. It also makes sense to combine two or three small wordlists - of which one is the Dumb16 or Dumb32 wordlist and the rest are normal wordlists - with Perl scripts such as mix.pl, which I posted previously: http://www.openwall.com/lists/john-users/2010/02/14/5 (Oops, e-mail address obfuscation corrupts the script a little bit. Those lines should have (@w1) and (@w2) on them.) A slightly more real attack: [List.Rules:A_AA] Az"[A-Z][A-Z]" ^[A-Z] $ ./john -se=1 -ext=dumb16 -stdo | ./john -se=2 -pipe -ru=A_AA pw-iloveny Loaded 1 password hash (dummy [N/A]) I NY (?) guesses: 1 time: 0:00:02:35 c/s: 18929K trying: I NY - I NY Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.