Date: Fri, 28 Apr 2017 14:48:12 -0700 From: B B <dustythepath@...il.com> To: john-users@...ts.openwall.com Subject: Re: How to stop consideration of repeated characters Thank you, This is very helpful information. > <john-users-subscribe at lists.openwall.com> Apr 28, 2017, at 1:44 PM, Solar Designer <solar@...nwall.com> wrote: > > Hello Bill, > > On Fri, Apr 28, 2017 at 01:30:40PM -0700, B B wrote: >> I am new to JtR and am trying to recover a lost password for which I have both a probable beginning and end. I also have a limited character set for the middle of the password. >> >> I have been using Crunch to generate word lists but these lists have repeated characters such as [known}aaab[known]. I know for a fact there are NO repeated characters in my lost password but can not find any mention of a rule? to reject them. > > This is tricky and most likely unreasonable to do. What hash or file > type are you attacking? How fast does the attack go? It is unlikely > that reducing the keyspace by such a small margin is going to > significantly improve your chances of cracking that password within the > timeframe you're willing to allocate. > I am attacking a FileVault sparsebundle img hash retrieved with dmg2john (AES256) so realize I must seriously cut down on the possibilities. I have 10 years of data locked away from the simple mistake of creating a 2nd admin account on my laptop to edit my main account. When I checked a Filevault checkbox I did not realize it would RE-encrypt everything to the new admin account and even nullify the original FileVault key. I promptly deleted the account and forgot the password after doing what I needed to do. Sort of stupid, but more like a sloppy mistake. I am using 1.80 Jumbo. >> Another question, to get around the use of Crunch, is can I quote a fixed/known character string at the beginning and the end in a rule? >> >> Such as ???pass???A-z???word???? > > You don't need Crunch. With recent JtR -jumbo, you can achieve the same > with its mask mode, e.g.: > > john -9='?l?u' --mask='pass?9?9?9?9word' passwd-file-here > > or e.g.: > > john -9='?l?u' --mask='pass?9?9[aeiou]?9word' passwd-file-here > > to restrict one of the characters to a smaller set. You can also use > character ranges, etc. > > To likely significantly improve your chances, you can use e.g.: > > john --inc=alpha --min-len=12 --max-len=12 --mask='pass?wword' passwd-file-here > ./john --inc=LowerNum --min-len=12 --max-len=12 --mask=‘pass?wword’ This seems to work fine. Hmm, about 3 weeks with my configuration with 5 unknowns, guess I’ll fire up another box!!! I may have to do several of these at different lengths, maybe up to 6 characters which I'm not sure is possible. I am prepared to spend electricity on this problem. ;) > so that the 4 character (in this example) portion in the middle is > filled with character sequences sorted for decreasing estimated > probability based on character frequencies in other passwords. Is this something I create (other passwords) or what is built into the config file already that you are referring to? ( I believe I’ve read I can create such a file). > Things > like this can make far greater difference than omitting a small fraction > of the keyspace would. > Custom.chr? I know for a fact I did not use z, x or q. Now I could go with —inc LowerNUM which shouldn’t be to bad in iterations of 4 and 5 unknown characters. Are you saying, to be clear that the difference between LowerNUM and a custom character set is not efficient? I note that LowerNum is about 36 vs 27 I am fairly certain about. Thank you > Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.