Message-ID: <20240515211629.GA17234@openwall.com>
Date: Wed, 15 May 2024 23:16:29 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Markov phrases in john

On Wed, May 08, 2024 at 09:48:26AM -0400, Rich Rumble wrote:
> I don't think JtR has the "combinator" attack that HashCat has:
> https://hashcat.net/wiki/doku.php?id=combinator_attack#combinator_attack
> But this question has been raised a few times in the past:
> https://www.openwall.com/lists/john-users/2006/10/19/4
> Prince Processor may be of interest to you:
> https://www.openwall.com/lists/john-users/2017/09/25/1

Right.  Slide 72:

---
-> Candidate passphrase generators (mostly 2010s) <-

* Wordlist rules appending/prepending specific embedded words

* Trivial word-combining Perl scripts posted to john-users (2006)

* hashcat Combinator mode (2 words from 2 lists, not probabilistic)

* PRINCE (PRobability INfinite Chained Elements) by atom (2014)
  - Sorts for increasing combined length, otherwise not probabilistic
  - hashcat project's princeprocessor
  - Kindly also contributed to John the Ripper, became a built-in mode

* Passphrase mangling rulesets like for wordlists, but expect phrases (2019)

* Passphrase lists e.g. extract all 2 to 6 sequences from Project Gutenberg
  books, sort from most to least common (2021, unreleased)
---

Embedded words are common in large hashcat rulesets, which we now have
integrated in John the Ripper, which automatically sets "hashcat mode"
for them.  So if you run our --rules=All, you get these, but that's
~11M rules total (post-preprocessor), which may be too many for large
wordlists and slow targets.  A more optimal option for those cases is
--rules=OneRuleToRuleThemStill, which we also have integrated and it's
only ~49k rules.  I suggest to let the dupe suppressor use more memory
(than its 256 MiB default) when you use these on slow targets.

The trivial Perl scripts are at the 2006 link Rich included above.

The passphrase mangling rulesets include these, by john.conf section:

[List.Rules:Multiword]
[List.Rules:PhrasePreprocess]
[List.Rules:Phrase]
[List.Rules:PhraseCaseOne]
[List.Rules:PhraseWrap]
[List.Rules:passphrase-rule1]
[List.Rules:passphrase-rule2]

The year 2019 is when I came up with Multiword above and magnum got it
in.  The passphrase-rule* ones are hashcat project's - I don't know
whether they're older or newer than 2019.  The Phrase* rulesets are what
I created later, in 2021 I think, and they're more optimal.
Specifically, the Phrase* ones are good for use along with those Project
Gutenberg phrases that I should probably process some more and release.

Alexander
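
The last slide item above (all 2 to 6 word sequences from book text, sorted from most to least common) can be sketched as follows for building a phrase list for password audits. This is an added example, not part of the original message and not the unreleased tooling it mentions; the tokenization, the lowercasing, the rule that phrases do not cross sentence-ending punctuation, and the sample text are all assumptions.

```python
import re
from collections import Counter

# Constructed sample text standing in for a Project Gutenberg book.
SAMPLE_TEXT = """It was the best of times, it was the worst of times.
It was the age of wisdom. It was the age of foolishness!"""

WORD_RE = re.compile(r"[a-z']+")           # assumption: ASCII words only
SENTENCE_END_RE = re.compile(r"[.!?;:]+")  # assumption: phrase boundaries


def count_phrases(text, min_words=2, max_words=6):
    """Count every run of min_words..max_words consecutive words.

    Assumption: phrases do not span sentence-ending punctuation, and words
    are lowercased so that case variants are left to mangling rules.
    """
    counts = Counter()
    for sentence in SENTENCE_END_RE.split(text.lower()):
        words = WORD_RE.findall(sentence)
        for n in range(min_words, max_words + 1):
            # Slide a window of n words across the sentence.
            for i in range(len(words) - n + 1):
                counts[" ".join(words[i:i + n])] += 1
    return counts


def ranked_phrases(text, min_words=2, max_words=6):
    """Return (phrase, count) pairs, most common first; ties alphabetical."""
    counts = count_phrases(text, min_words, max_words)
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    # One phrase per line, most common first, ready to use as a wordlist.
    for phrase, count in ranked_phrases(SAMPLE_TEXT)[:10]:
        print(count, phrase)
```

Dropping the counts and writing one phrase per line gives a file that wordlist mode can read in most-common-first order.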
