Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Aug 2012 18:19:41 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Learn from 'Crack Me If You Can 2012'.

On Thu, Aug 16, 2012 at 06:45:41AM -0500, Richard Miles wrote:
> On Wed, Aug 15, 2012 at 3:05 PM, kzug <kzug10@...il.com> wrote:
> 
> > I did not reply to the group as some of the questions were already
> > answered.

kzug - it was a really bad idea to take this off-list.  Your reply would
have been on topic and desirable, even if repeating something that was
on the list before.  Now we have two threads instead of one.  Anyway,
thanks for replying, even if off-list...

Richard - thank you for bringing this back to the list.  For future
occasions, a better way to do it might have been to ask kzug to post to
the thread on the list, because you wanted to reply on the list.

> On my post? I got no other replies, I also looked at web archive and I
> don't see them. :(

I guess kzug was referring to past discussions.  Frankly, I'd say there
was not a lot to address your questions even in past discussions, and
not a lot now.

> > 1) Wiki page, search for the reworked by Solar Designer Set of rules

I've just updated the wiki page at http://openwall.info/wiki/john/rules
to also include korelogic-rules-20100801-reworked+all-3.txt, which is
the revision we used against fast hashes during the recent contest
(along with some other rulesets).  I described this revision as follows:

In this revision, the individual sections have been included into the
combined KoreLogicRules section roughly in the order of increasing
number of candidate passwords generated by each of the former individual
sections, thus making this combined section suitable for actual use.
Also, the *CurrentYear* sections (and the corresponding lines of the
combined KoreLogicRules section) have been updated to try years 2010
through 2019 (and not just 2010 alone) for the current year.

Another ruleset we used a lot is --rules=jumbo as included in
1.7.9-jumbo-6.  This one combines all rules supplied with JtR:

[List.Rules:Jumbo]
.include [List.Rules:Wordlist]
.include [List.Rules:Single]
.include [List.Rules:Extra]
.include [List.Rules:NT]

Similarly to KoreLogic's rules, this is mostly good for use against fast
hashes.

> But I was looking for a new "revolutionary" ruleset, such was
> KoreLogic when released in 2010. Are you aware of any other?

I am not aware of a new "revolutionary" ruleset.

For passphrases, some of the tricks we used:

1. Custom incremental mode's .chr file containing 27 characters:
lowercase letters and space.  Here's the filter that was used to
generate it:

[List.External:Filter_AlphaSpace]
void filter()
{
	int i, c;

	i = 0;
	while (c = word[i++])
	if ((c < 'a' || c > 'z') && c != ' ') {
		word = 0; return;
	}
}

Of course, CHARSET_LENGTH was increased.

2. Lists of common English words and common passwords combined with
mix.pl (attached to this message).

3. We also extracted likely passphrases from contest-specific texts and
generated them from previously-cracked contest-specific words/phrases.

Alexander

View attachment "mix.pl" of type "text/plain" (347 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.