Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP45812A451CB90B37113F28DFDDB0@phx.gbl>
Date: Tue, 17 Jul 2012 10:28:36 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: problem with disc space for shared files in MJohn

On 07/15/2012 01:24 PM, Aleksey Cherepanov wrote:
> I heard that some users have about 40gb of wordlists individually.
> Currently it would be a problem if MJohn would copy all files to the
> server.

We might even need some precautions against using dictionaries that
differ only in the sequence of words.

Imagine someone got rockyou.txt in the original sequence (sorted by
descending frequency), and someone else sorted the file alphabetically.
(There might even be different sort sequences, depending on locale
settings.)

It is obvious that running the same kind of attacks using both of these
files is pointless.

We can't just treat both versions of the file as the same file.
Otherwise, and interrupted session cannot be restored on another client.

Furthermore, the file sorted by frequency usually is the preferred one.
(Just in case later on we just want to try more complex rules on the top
1000 passwords of this wordlist...)

Similar issues could exist with two files that only differ in line
endings (<LF> vs. <CR><LF>).
Even files which just use different encodings should be taken care of,
if the majority of words contain just ASCII characters, and only very
few contain non-ASCII characters.

Do we need to implement some checks for newly added files, and issue a
warning whenever a new file is added which has the same size and/or same
number of lines as an already existing file?

(OTOH, the same problem can exist with rule sections only differing in
the sequence of rules, or rules sections with many overlapping rules.)

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.