Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 29 Mar 2014 22:36:43 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Loopback and encoding enhancements

Invasive changes to bleeding-jumbo has been committed. Some new features:
- The loopback mode can now assemble LM password halves. It's a 
nefarious hack, but it works like a champ.
- You can now specify a "hashed encoding" so you can use UTF-8 wordlists 
for cracking eg. LM hashes.
- You can even specify an "intermediate encoding" for the rules engine 
to use when both wordlists and output hashes are UTF-8. This has some 
performance penalty but might come very handy. If you use it when 
attacking a Unicode format (eg. NT) it will automatically pick the 
faster way of doing it (no extra conversion).
- You can set defaults for most everything in john.conf so you'll end up 
normally not needing to specify any encodings.


Details in doc/ENCODING. Examples (using recommended settings in 
john.conf - *not* the backward-compatible defaults as shipped):

$ file test
test: UTF-8 Unicode text

$ cat test
Müller:101:fb0c033ca6248c12aad3b435b51404ee:062de529e54e31079861ec97d666a44f:::
Kübelwagen:102:507cf8a61eb3998e0e3012ff9bfbece4:8afdd1e6003511ee39c3b10254255ef5:::

$ ../run/john test -format:lm --single
Using default input encoding: UTF-8
Target encoding: CP850
Loaded 3 password hashes with no different salts (LM [DES 128/128 AVX-16])
Press 'q' or Ctrl-C to abort, almost any other key for status
GEN              (Kübelwagen:2)
KÜBELWA          (Kübelwagen:1)
MÜLLER           (Müller)
3g 0:00:00:00 DONE (2014-03-29 01:01) 300.0g/s 12800p/s 12800c/s 
38400C/s KÜBELWA..KÜBE1WA
Warning: passwords printed above might be partial
Use the "--show" option to display all of the cracked passwords reliably
Session completed

John picked defaults of UTF-8 for input files and CP850 for LM hashes. 
This also meant that the rules engine and/or the format's internal 
upper-casing of candidates worked for the non-ASCII character. On top of 
that the output was correct for my UTF-8 terminal, despite the actual 
encoding being CP850. The results were also encoded in UTF-8 in the pot 
file, which is arguable - but it's a prerequisite for the next example:


$ ../run/john test -format:nt --loopback
Rules engine using CP850 for Unicode
Loaded 2 password hashes with no different salts (NT [MD4 128/128 X2 
SSE2-16])
Assembling cracked LM halves for loopback
Loop-back mode: Reading candidates from pot file $JOHN/john.pot
Press 'q' or Ctrl-C to abort, almost any other key for status
Kübelwagen       (Kübelwagen)
müller           (Müller)
2g 0:00:00:00 DONE (2014-03-29 01:01) 200.0g/s 3200p/s 3200c/s 6400C/s 
mÜller..müllermüller
Use the "--show" option to display all of the cracked passwords reliably
Session completed

In the second example, John picked defaults of UTF-8 for input files and 
CP850 for "intermediate" encoding (although without any extra speed 
penalty because NT can take any encoding without a second conversion). 
The loopback mode assembled the LM halves and the default loopback rule 
case-toggled the candidates to success.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.