Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 16 May 2023 23:46:40 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: rule for password with control characters

On Tue, May 16, 2023 at 07:08:56AM -0700, jeff wrote:
> On 5/16/2023 04:50, Solar Designer wrote:
> >or better yet, optimized versions that produce fewer duplicates (skip
> >trying to insert or overstrike way beyond input word length):
> >
> >[List.Rules:ins_control_1]
> >>\r[00-6] '7 i\p[0-7][\x7f\x01-\x1f]
> >[List.Rules:rep_control_1]
> >>[0-7] '8 o\0[\x7f\x01-\x1f]
> >Since you're cracking descrypt hashes, you may also want to include
> >\x80, which gets processed by descrypt as NUL:
> >
> >[List.Rules:ins_control_1]
> >>\r[00-6] '7 i\p[0-7][\x7f\x80\x01-\x1f]
> >[List.Rules:rep_control_1]
> >>[0-7] '8 o\0[\x7f\x80\x01-\x1f]

> I tried using your better rules.
> 
> [List.Rules:ins_control_1]
> \r[00-6] '7 i\p[0-7][\x7f\x80\x01-\x1f]
> 
> [List.Rules:rep_control_1]
> [0-7] '8 o\0[\x7f\x80\x01-\x1f]

You lost the ">" characters at the start of the lines.  They were _not_
e-mail quoting, but were part of the rules.  Maybe whatever you use to
read e-mail hid them from your view.  So, in plain English, you need to
add ">" right before the "\r", and add ">" right before the "[0-7]".
The ">" is a rule command that asks to reject the input word if it is
shorter than the length given next (which in this case varies between
the many rules generated by preprocessor expansion).

You can also see and copy-paste the rules in the archived message here:

https://www.openwall.com/lists/john-users/2023/05/16/2

> When I tried ins_control_1
> I got the error:
> Invalid rule in (null) at line 4028: Unknown command 0 '7 i0???
> 
> When I tried rep_control_1
> I got the error:
> No "rep_control_1" mode rules found in john.conf

Indeed.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.