Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 Jun 2021 00:29:51 -0700
From: David Sontheimer <>
Subject: Cracking passphrases

Hello Alexander,

I am curious how you would use John to crack the following password
generation heuristic:

A passphrase, limited to combinations of words from a wordlist of
four-letter words. A passphrase may contain one to four words.

Optionally, each line of the wordlist contains one word, and the wordlist
is limited to 1000 English words.

I've searched the documentation and previous posts to the listserv but
found nothing so far.

john.conf mentions the following, but I don't believe it's quite what I'm

# These are for phrase wordlists w/ spaces
1203 [List.Rules:passphrase-rule1]
1204 .include <rules/passphrase-rule1.rule>
1206 [List.Rules:passphrase-rule2]
1207 .include <rules/passphrase-rule2.rule>

I'm comfortable writing an external script for generating these candidates
and using John's --stdin option, but I'm curious if John can generate these
hashword candidates internally with a wordlist and appropriate rules. If
so, while all candidates would be generated either way, I'm curious if
cracking via internal generation will be more efficient.

If using stdin, I'm curious if I need to somehow batch the candidate
generation to parallelize the work efficiently. For example, all four-word
passphrases from a wordlist of 1000 entries is one trillion total


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.