Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Jan 2021 15:52:13 +0100
From: Solar Designer <>
Subject: Re: source of information for John's charset files

Hi Johny,

On Mon, Jan 25, 2021 at 03:11:57PM +0100, Johny Krekan wrote:
> Every .chr file which is used in John was generated from some .pot file 
> which contained lots of words/passwords.

Right.  All of the .chr files supplied with JtR were generated from the
same source - a fake .pot file containing the RockYou list, including
duplicates.  I think the RockYou list is no longer redistributed that
way (with the duplicates intact), but if desired this can be recreated
from the "with counts" version of the list found on the SkullSecurity
wiki.  The .chr files were made different through use of different word
filters, which are included as external modes in john.conf.

The included "makechr" script can be used to regenerate the .chr files
using whatever filters john.conf defines (with names matching that
script's embedded regexp) and whatever happens to be in john.pot.  Since
a few new filters were added since, I expect this will generate more
.chr files now.  Some of those might not make sense for actual use -
especially the recently added Filter_NoRepeats and Filter_Repeats were
not intended for generating .chr files.  Their resulting .chr files
won't strictly result in (no) repeated characters despite of the names,
but would probably have biases that do reflect the names, which might or
might not be useful.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.