Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <5f4239741002031521s16dc8db6q48856803e6428cac@mail.gmail.com>
Date: Wed, 3 Feb 2010 17:21:29 -0600
From: Minga Minga <mingakore@...il.com>
To: john-users@...ts.openwall.com
Subject: Replacement for all.chr based on "Rock You" Passwords. URL inside.

All,

As you may know, there was a HUGE list of passwords recently revealed
via a 3rd party web-site attack. This list contained approximately
32 million passwords. Numerous articles were made on the statistics
of the passwords.  All the articles were fine and dandy, but not really
impressive because the "research" done was as simple as 'sort | uniq'
stuff.

As a password cracking community, we CAN make use of this disclosure
in order to make better dictionaries, but also to improve our brute
forcing technique.

I dont exactly remember how/when all.chr was created, and I have no
idea the last time it was updated, but I propose we update it
with a .CHR file from the 'RockYou' list mentioned above.

Now, I have many opinions about the passwords from the RockYou list.
They are NOT representative of "real" passwords by trained users in
corporate environments. But they ARE representative of idiots on the
Internet. And I guess thats a good enough place to start, as any, for
the default behaviour of JtR. I propose the all.chr update because we
cannot continue to use and propagate a .CHR file that is so outdated
(assuming it is?).

Since the .chr created from the 'RockYou' list - can NOT be used
to re-create the exact list of passwords, it is not a disclosure of
personal information (up for debate). Therefore, I make the assumption
it is safe for use.

So what KoreLogic did was, obtained the list, cleaned up the list,
obtained a unique list of passwords from the list (14,249,979 in total)
and created a .CHR file based on this list. We are now publishing this
new .chr file for everyone to use.

In the next few months, KoreLogic will be posting a large amount of
password-based research on our website. Mostly based around new
techniques, new rules, and automation of large jobs to be run across
multiple systems. KoreLogic will also be doing multiple presentations
about Security Cons this year presenting our tools/rules/research
in 2010 as well.

As a note: The wordlist will not be revealed (nor the dictionaries
created from it) by KoreLogic due to it's sensitive nature. If you
have this list, please keep it private for the sake of all users
of this Internet thing everyone is talking about ;)

Here is the CHR file, and the README associated with it including
instructions for use, etc. If we don't want to replace all.chr -
instructions are included for using rockyou.chr separately.

http://www.korelogic.com/tools.html#jtr

-Minga
KoreLogic


------------

Sample output of new .chr file:

~/.john$ ./john -i:all -stdout | more
1233
1990
1991
1920
1922
1231
anana
maran
maras
maris
marie

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.