Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 27 Jun 2021 15:56:20 -0700
From: David Sontheimer <>
Subject: Re: Cracking passphrases

Clarifying - this is not limited to Alexander/Solar.

I'm open to suggestions from all, for both cracking passphrases and my
related post on cracking nested hashes with unknown salts.


On Sun, Jun 27, 2021 at 12:29 AM David Sontheimer <> wrote:

> Hello Alexander,
> I am curious how you would use John to crack the following password
> generation heuristic:
> A passphrase, limited to combinations of words from a wordlist of
> four-letter words. A passphrase may contain one to four words.
> Optionally, each line of the wordlist contains one word, and the wordlist
> is limited to 1000 English words.
> I've searched the documentation and previous posts to the listserv but
> found nothing so far.
> john.conf mentions the following, but I don't believe it's quite what I'm
> after:
> # These are for phrase wordlists w/ spaces
> 1203 [List.Rules:passphrase-rule1]
> 1204 .include <rules/passphrase-rule1.rule>
> 1205
> 1206 [List.Rules:passphrase-rule2]
> 1207 .include <rules/passphrase-rule2.rule>
> I'm comfortable writing an external script for generating these candidates
> and using John's --stdin option, but I'm curious if John can generate these
> hashword candidates internally with a wordlist and appropriate rules. If
> so, while all candidates would be generated either way, I'm curious if
> cracking via internal generation will be more efficient.
> If using stdin, I'm curious if I need to somehow batch the candidate
> generation to parallelize the work efficiently. For example, all four-word
> passphrases from a wordlist of 1000 entries is one trillion total
> candidates.
> Regards,
> -David

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.