Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 19 Jan 2011 15:36:39 -0700
From: RB <aoz.syn@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Plain Text/No-op Password Format

On Wed, Jan 19, 2011 at 14:08, Freddie Witherden <freddie@...herden.org> wrote:
> I am interested to know if John supports (or there exist patches to add
> support) for a plain text password format.

I doubt one exists, but it would be relatively easy to make.  Adding
it would be no different than any other new password format, and
considerably simpler to code since you'd just be doing string ops
instead of cryptographic ones.  Someone who's actually authored one of
the _fmt.c files and made the requisite hooks within JTR would be more
qualified to tell you precisely what adding that format entails.

> My interest in such a format is in answering questions such as "with a
> given set of rules/word lists how many candidates would have to be
> generated to determine the password."

Interesting concept - I can't say that it's a complete measure of
password/wordlist/rule quality, but it's got to be more objective than
the timing tests one would currently have to engage.  This could be
approximated with the '--stdout' option and a little judicious shell
coding, but would definitely be cleaner (if unlikely faster) as
integrated code.  Unlikely faster b/c the core JTR code is still
single-threaded, that is.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.