Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 Mar 2012 10:33:48 +0200
From: Simon Marechal <>
Subject: Re: Specific rule creation contest

On 28/03/2012 17:06, Matt Weir wrote:
> 2) If you're looking at winning, 'overtraining' is a good thing ;p

That was a really nice challenge, because it allowed me to benchmark my
tool, and, more importantly, to find problems in it ;)

How does yours work ?

Mine is available here :

It takes a dictionnary, a list of password, and tons of "base rules". It
runs the "base rules" agains the dictionnary, then another program tries
to match those generated candidates into the actual password list. It
produces a list of rules of the form :

"base rule" "appended characters" "prepended characters"

For example, with "base rules" u, a single word dictionnary "lap" and a
single password "unlapin", you would get :

"u" "un" ""

Finally, an approximative solution to the coverage problem is found.
There has been a bit of work so that it would not be horribly slow or
take too much memory when working with a bit of data (I usually run it
against a 14.5M entries dictionnary and the rockyou password list).

My score using JtR is 21795. After the solutions were released I
generated some obvious base rules I missed and went to 22190.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.