Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 15 Apr 2014 19:45:23 -0400
From: kzug <>
Subject: Re: Filter password candidates generated by --incremental (was: EXTRA characters.)

Thanks Frank, 
Your help is really appreciated. 

On TuesdayApr 15, 2014, at 1:31 PM, Frank Dittrich wrote:

> On 04/15/2014 07:10 PM, KZug wrote:
>> Is there a way with John to remove some patterns with —incremental output? 
>> I.e. With Jeff’s AES 256 issues that we had few weeks ago, his charset was limited AND he had a long list of patterns limitation. It’s a bit between  —Incremental and —mask 
>> No passwords with 4,3 or 2 digits in a row
>> No passwords in all upper case 
>> No passwords in all under case
>> No passwords with more than 3 signs
>> Etc …
>> So, do you (or anyone) know of a way to skip those patterns? Besides greping the output to death? 
> For (very) slow hashes, implementing an external filter and using
> --external=... in addition to --incremental might be appropriate.
> For existing filters, see the output of
> $ ./john --list=ext-filters-only
> Then check john.conf for these filters:
> [List.External:AtLeast1-Simple]
> [List.External:AtLeast1-Generic]
> [List.External:Policy]
> They might provide guidance for defining your own --external mode.
> Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.