Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 May 2015 00:37:27 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

On 2015-05-09 23:03, Demian Smith wrote:
>> Let's concentrate on wordlist rules. If it's indeed a partial
>> sentence, would you think it's truncated in the end and still
>> starting with an uppercase letter?
>
> It does start with a upper case letter, that's for sure. If I understand
> correctly, it would have been truncated at the end -  if the original
> sentence would have been
>> To be or not to be, that is the question, and indeed a question which shall
>> be answered,  by this circle of fine man who gathered on this moonlit December night
>
> It would be any of these
> Tbontb
> Tbontbtistq
> Tbontbtistqaiaqwsba
> Tbontbtistqaiaqwsbabtcofm
> and so on.

So you wouldn't stop in the middle of a sub phrase (or whatever it's 
called) ie. you wouldn't have used "Tbontbti"? That's hard to automate 
so we'll probably just have to ignore it and try any truncations to eg. 
5-12 characters.

>> Also, how large (number of lines) is that wordlist? Did you try
>> just running it with --rules (and perhaps --rules=single in another
>> run)?
>
> The list I have created by removing all lines starting with non capital
> letters is a whopping 3803 lines long, but the last lines are in the
> ranks of 50 and more chars (the longest being 97 chars).

OK that's a small amount. We should be able to run that through a decent 
number of permutations if needed.

> After your pointer towards rules I have now cut the lines at 20 chars
> and am running it with the rules on the wordlist. I've not worked with
> rules either, would I have to write some useful ones (for my case)  first?

Here's a quick'n'dirty one:

[List.Rules:truncate]
 >[5-9A-C]'\0

Put the above in john.conf and use it with "--rules=truncate". For an 
input word of Tbontbtistqaiaqwsbabtcofm it will output these 8 variations:

Tbont
Tbontb
Tbontbt
Tbontbti
Tbontbtis
Tbontbtist
Tbontbtistq
Tbontbtistqa

If you want longer than 12, change the 'C' in A-C. 5-9 means literally 
5-9, A means 10, B is 11 and so on so A-C here means a truncate at a 
length of 10-12. I think you can actually use A-Z in this case and it 
wont take too long.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.