Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 May 2015 22:38:19 +0100
From: Demian Smith <demian.smith@....de>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

Hi Magnum,

thanks for your ongoing patience with a young Padawan :s

I am kind of lost, in my opinion the truncate should have easily cracked
the hash, but to no avail. I ran your sed magick again over the txt file
(without linebreaks) and used the truncate rule on it, no luck.

> wordfile had 10686 lines and required 85488 bytes for index.
> 0:00:00:00 - suppressed 1 duplicate lines and/or comments from wordlist.
> 0:00:00:00 - 31 preprocessed word mangling rules

So I am afraid I did something utterly stupid (like starting with the
last art of a sentence and making it a new sentence, typos, adding a
number at the beginnin or end - which I doubt -  et cetera) and hence
will have to go back to incremental and keeping fingers crossed. Unless
someone else has another good idea ...

It is anyway good to start learning about the rules, in case I ever need
them again :)

Cheers,
Demian
--
'It's no measure of mental health to be well adjusted
to a profoundly sick society.'

Sinéad O'Connor

 ★ On 15/05/10 06:24 p.m. Magnum wrote ★
> On 2015-05-10 19:03, Demian Smith wrote:
>>   ★ On 15/05/09 11:37 p.m. Magnum wrote ★
>>> Here's a quick'n'dirty one:
>>>
>>> [List.Rules:truncate]
>>> >[5-9A-C]'\0
>>>
>>> Put the above in john.conf and use it with "--rules=truncate". For an
>>> input word of Tbontbtistqaiaqwsbabtcofm it will output these 8
>>> variations:
>>>
>>> Tbont
>>> Tbontb
>>> Tbontbt
>>> Tbontbti
>>> Tbontbtis
>>> Tbontbtist
>>> Tbontbtistq
>>> Tbontbtistqa
>>
>> I have taken your advise and am running it with A-Z and have as well
>> intentions to look into the "rules" doc to see what 5-9 in this
>> instance means.
> 
> There's nothing special about 5-9, 5 means 5 and 9 means 9. The special
> is rather that that A means 10 and so on.
> 
> Here's a simple rule that truncates to length 5:
> 
> '5
> 
> Here's one that's enhanced to skip words that weren't at least length 5
> in the first place:
> 
>>5'5
> 
> The >5 means that the rule only applies to words longer than 5
> characters, and the '5 is the actual truncation.
> 
> The bracket thing is pre-processor stuff. [5-9A-C] will expand to one
> rule with that whole bracket string replaced with "5", another line
> using "6", and so on. And the \0 means "repeat the last bracket
> expansion". So our pre-processor rule of
> 
>>[5-9A-C]'\0
> 
> will look like this after pre-processing:
> 
>>5'5
>>6'6
>>7'7
>>8'8
>>9'9
>>A'A
>>B'B
>>C'C
> 
> So if you look in the log file, it should say that your one-line "rule"
> is actually 8 rules after pre-processing. Or in case of 5-9A-Z, 31 rules
> (covering lengths 5 through 36, save for fence-post errors).
> 
> magnum
> 
> 

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.