Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 28 Jun 2021 16:50:12 +0200
From: magnum <>
Subject: Re: Cracking passphrases

On 2021-06-27 09:29, David Sontheimer wrote:
> I am curious how you would use John to crack the following password
> generation heuristic:
> A passphrase, limited to combinations of words from a wordlist of
> four-letter words. A passphrase may contain one to four words.

Assuming we're talking about Jumbo, this sounds like a perfect use case 
for PRINCE mode: You give it a single wordlist containing all possible 
words and that mode will produce any combinations of words from it 
(including "samesamesamesame" which might not be what you want but the 
numbers of such dupes are too small to care about filtering out).

You can put a (min or) max of how many elements will be put together but 
given the default output length happen to be 16 it shouldn't be needed 
assuming all words are length 4.  OTOH you can try the shorter 
candidates first (should be finished quickly) like this:

./john -prince=4words.txt --prince-elem-cnt-max=1 hashfile
./john -prince=4words.txt --prince-elem-cnt-min=2 
--prince-elem-cnt-max=2 hashfile
./john -prince=4words.txt --prince-elem-cnt-min=3 
--prince-elem-cnt-max=3 hashfile
./john -prince=4words.txt --prince-elem-cnt-min=4 hashfile


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.