Date: Thu, 16 Aug 2012 06:45:41 -0500 From: Richard Miles <richard.k.miles@...glemail.com> To: kzug <kzug10@...il.com> Cc: john-users@...ts.openwall.com Subject: Re: Learn from 'Crack Me If You Can 2012'. Hi kzug, Thanks for follow-up, very appreciated! :) I'm answering inline... On Wed, Aug 15, 2012 at 3:05 PM, kzug <kzug10@...il.com> wrote: > I did not reply to the group as some of the questions were already > answered. > > On my post? I got no other replies, I also looked at web archive and I don't see them. :( > 1) Wiki page, search for the reworked by Solar Designer Set of rules > Reusable security, search for John the Ripper Related topics > Nice, I was aware of it, but basically is makes it runs faster and fix a few bugs. But I was looking for a new "revolutionary" ruleset, such was KoreLogic when released in 2010. Are you aware of any other? Do you have experience with rulesfinder ( https://github.com/bartavelle/rulesfinder)? What do you think about it? > 2) plenty in Google > Serious? I was unable to find any built passphrase list :( > Download an ebook and make your own (TextWrangler + grep) i.e Bible > etc > Web parser , i.e WikiQuotes > Hummm.. do you know any link that explain how to do it? I have no experience with TextWrangler and I'm a bit unsure about the results of this semi-automated approach... I was looking at famous quotations and most of the sites split it by author or type, which should be this process very boring and slow. Examples: http://www.brainyquote.com/ http://www.quotationspage.com/quotes/ Also, they suggest a few books, but not sure how good they are. http://www.quotationspage.com/books.php3?amp;category=quoteref BTW, do you know if the pass-phrase used by john-users team during the KoreLogic contest 2012 will be released? :) I was reading the archive and appear that a person called Kevin Young has a great job on this topic: "First of all I want to acknowledge the work Kevin Young did. He's another password cracking researcher who's been investigating passphrases, (you can see an article he was interviewed for here: http://www.computerworld.com/s/article/9227894/How_Charles_Dickens_helped_crack_your_LinkedIn_password). I met him at Defcon and he wanted to help out, and since he was dealing with internet connectivity issues like I was it turned out to be easier for him to just give me his cracked passwords and have me upload them to our server vs. him registering as another member on our team. Pretty much all the passphrases I uploaded were ones that he had cracked. I'm not sure about the exact hardware he used, but I'm pretty sure it was just a laptop he had left running in his hotel room." Do you know if he is releasing his pass-phrase lists and tricks? :) Thanks.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.