Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 19 Oct 2019 20:02:41 +0300
From: Aleksey Cherepanov <>
Subject: Re: approaches to use old password as baseword for new hash matching by username/login (as in CMIYC 2019)

Aleksey Cherepanov <> writes:
>       - mkpc is 8 for django-scrypt and plaintext formats. --mkpc=1
>         option does not affect the increase of SingleWordsPairMax for
>         these formats.

Wording is wrong: min. and max. KPC are 1 for django-scrypt format, but
KPC used by single mode is 8.

> Example of our script (reformatted):
> ----------------------------------------------------------------------
> while IFS=: read -r u p; do
>     printf '%s\n' "$p" > twl &&
>     grep -- "$u" results/uncracked/ &&
>     echo "$u" &&
>     ./JohnTheRipper/run/john \
>         --users="$u,$u-a,$u-b,$u-c" \
>         results/uncracked/0.* \
>         --wordlist=twl \
>         --rules=': sq1 sw2 se3 sr4 st5 sy6 su7 si8 so9 sp0';
> done < results/pair_user_crack/
> ----------------------------------------------------------------------

Option --skip-self-tests would improve performance in case 1 candidate
per salt. Not much though. The option was created for similar use cases.

Nevertheless with the trick with rules, single mode would be faster even
for 1 candidate per salt. It is not perfect now because there is
additional pass of hashing for every uncracked hash (issue #4111).

> # Copyright © 2016 Aleksey Cherepanov <>

Of course, the year should be 2019. That's from old snippet for license.


Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.