Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 9 Mar 2016 15:44:10 +0200
From: Shinnok <admin@...nnok.com>
To: john-users@...ts.openwall.com
Subject: Re: Johnny's "Guess password" button

Hi Marek,


> On Mar 4, 2016, at 6:57 PM, Marek Wrzosek <marek.wrzosek@...il.com> wrote:
> 
> Hi list
> 
> How does "Guess password" work? Does it use john at all? There is no
> sign of it in the console log. Were there any plans of adding similar
> function to john? I mean e.g.:
> $./john --guess=foo ...
> 
> instead of something like this:
> 
> $ echo foo|./john --stdin ...
> 

Indeed Johnny is using --stdin for Guess.

> or:
> 
> $ echo foo > single_word
> $ ./john --wordlist=single_word ...
> 
> It would be easier to use rexgen with alphabet like this:
> 
> $ ./john --guess=624686 --regex=alpha:T9='\0' --stdout

There is no option --guess to john. I'm not sure how useful this could be in the main tool.

> 
> instead of:
> 
> $ echo 624686 | ./john --stdin --regex=alpha:T9='\0' --stdout
> 
> or even;
> 
> $ ./john --regex='[mno6][abc2][ghi4][mno6][tuv8][mno6]' --stdout
> 
> Instead of applying regex mode, it could be hybrid mask or word mangling
> rules (just like for wordlist mode).

The rexgen approach is indeed interesting, though it would be a jumbo specific implementation. I don't remember it being proposed when Guess was being discussed, do you see any specific benefits  for considering this with a jumbo detection? (we already have some jumbo specific functionality in Johnny)

Shinnok

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.