Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 16 Mar 2018 14:23:04 +0100
From: Matlink <>
Subject: Is john really using Narayanan and Shmatikov whitepaper?

Hello John users,

I was wondering, for research purposes, how John was applying Markov
chains for its markov mode.

Before reading the source code, I would have some enlightenment about it.

After having read this whitepaper, I found some strange
things about their index function. Accordingly to their 'get_key*'
functions, they are iterating over the alphabet in increasing order. I
guess then it means they are doing bruteforce excepted that they apply a
threshold on password candidate probabilities. Intuitively, Markov
chains-based enumerators would iterate over order of decreasing
probabilities of ngrams.

However, while running John I found that it's not iterating the alphabet
in any kind of order. So it doesn't look like a smart bruteforce. I
guess John authors have made many improvements since.

Thanks for any kind of suggestions,

Matlink - Sysadmin
Sortez couverts, chiffrez vos mails : https://café-vie-privé
XMPP/Jabber :
Clé publique PGP : 0x186BB3CA
Empreinte Off-the-record : 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.