Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 31 May 2015 16:09:34 +0200
From: Marek Wrzosek <marek.wrzosek@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Bleeding jumbo now defaults to UTF-8

Let's summarize what have changed. Before defaulting to UTF-8 in
john.pot were plain-texts and there was possible to use many encodings
in one wordlist. Moreover plain-texts were known, but information about
human-readable form of passwords was gone. After change john can use
only single-encoding wordlists, stores human-readable passwords in
john.pot, but plain-texts are gone and one will need to repeat cracking
passwords using many different target encodings. Just defaulting to
UTF-8 have solved some issues but have created new ones.
Maybe there should be some smart "auto" target encoding, that will check
password candidates (in UTF-8 only) if there are any two-byte codes and
if all are from the same alphabet (e.g. Cyrillic) then this password
would be checked using all possible encoding for those characters (e.g.
KOI8-R, CP1251 and of course UTF-8). Any other situations (all ASCII or
many different alphabets in one password) and UTF-8 will be assumed.
This additional target encoding would be turned-on on demand because
there will be some performance issues.
If for cracking password was used other encoding than UTF-8 (if
--target-encoding was used) than john will save this information in some
additional pot file (for backward compatibility reasons) using e.g.
plain-text or name of encoding. Information about encoding would be
displayed when -show option was in use.
It's just a thought. Maybe someone here will have a better idea for
solving those issues.

Best Regards
-- 
Marek Wrzosek
marek.wrzosek@...il.com

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.