Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 7 Jan 2020 17:41:05 +0100
From: Solar Designer <>
Subject: Re: Questions regarding password mask creation


On Sat, Jan 04, 2020 at 09:35:43AM +0100, Johny Krekan wrote:
> Hello, I would like to ask
> 1. Is it possible to make mask in John which will define how many same 
> characters can be used in the same password candidate?

No.  You can define an external mode filter for that.  In the simplest
case, you can use the pre-existing external mode filters I posted here:

> To make it clear:EWSA from Elcomsoft has following two options in their 
> mask attack:
> Limit max number of occurences of a characters in a password where you 
> can specify a number andd limit number of consecutive occurences of the 
> same character in a password where you also can specify a number.

Ah, "consecutive".  The pre-existing external mode filters I referred to
above are for repeated uses of the same character in general, without
the requirement for the repeated character to be next to its previous
instance.  Implementing the check like EWSA's as described above is even
easier.  Why would you want to skip such candidate passwords, though?

> 2. How can I compute total number of passwords when for example i will 
> try 6 character long passwords composed of small latin letters (in 
> normal situation 26^6) but I will force those skipping parameters and I 
> will set the number of consecutive occurences to 2 and limit use of same 
> character in password to 2 as well.

We can come up with formulas for that, but for practical purposes if
you're going to use this for WPA-PSK and intend to run an attack to
completion, for a realistic attack you can quickly generate and count
the candidate passwords e.g. with:

./john --mask='?l?l?l?l?l?l' --external=Filter_NoRepeats --stdout | wc -l

However, length 6 is too short for WPA-PSK.  So what is your use case?


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.