Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Nov 2015 23:52:22 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Stacked modes

In bleeding-jumbo, our support for "stacking modes" has matured and 
approaches stable & useful now. Not to mention understandable...

We've always had rules, as a kind-of stacked mode upon wordlist (and 
single). And for a while, we have also supported rules with PRINCE.

Then came mask mode, with it's "hybrid" alternative (which is just 
another word for stacked). So you can run eg. wordlist -> mask which 
will not only be way faster than rules, but can also end up GPU 
accelerated (with certain fast formats). For quite some while, this has 
been supported for "some" combinations and not very well tested. We've 
also had "hybrid regex" for a while, but for wordlist only.

Over the last days, I've been adding, unifying, overhauling and testing 
all this and now we are supposedly at this point:

* Mask mode can be run by itself, or stacked upon ANY other mode except 
single.

* Regex mode can be run by itself, or stacked upon any other mode than 
single or mask.

* We can even stack hybrid mask after hybrid regex. We always put mask 
mode last, since it may be GPU accelerated.

* The chain can also end with an external filter in all cases, except a 
chain can not start with External mode, go via stacked regex or mask, 
and end with an external filter. Basically the chain of modes can start 
*or* end with External. BTW using external filter with GPU-side mask 
will end up in some more or less undefined behavior (we currently 
neither disallow it or warn).

* Session/resume supposedly works fine with all combinations. Regex is 
worse than the others: In fact, regex mode can't save/resume at all by 
itself - but when running stacked, at least the parent mode [and 
possibly a downstream hybrid mask] will. For "large" regex's there might 
be quite some dupe work after a resume. If something can be done with 
regex *or* mask mode, you should always choose mask!

So the "longest chain" of candidate generation we can currently do, is:

$ ./john -wordlist -rules -regex:(...) -mask:(...) -external:(...)

(or the same, but using -prince instead of -wordlist). Although the 
common case (for GPU acceleration) would probably be much simpler, eg. 
just adding -mask:?w?a?a to incremental or markov.

doc/MODES and some other files are updated accordingly.


magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.