Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <cd9632ca7943cfc13167f1eb6fe11fa6@smtp.hushmail.com>
Date: Sun, 6 Jan 2013 03:23:51 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: Markov UTF-8 magic (Was: [john-users] Incremental attack properties questions)

On 5 Jan, 2013, at 14:29 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
> On 01/05/2013 01:11 PM, Frank Dittrich wrote:
>> Since Markov mode generates words based on 2-byte-frequencies, and since
>> it generates passwords shorter than maximum length, there will be a
>> non-neglectable number of words with invalid utf-8 characters,
>> especially at the end of the word. So you might need to combine --markov
>> with an --external filter.
> 
> If you don't want to write a general-purpose utf-8 validity check, but
> just one which checks --markov output based on stats files which have
> been generated using a word list encoded in (valid) UTF-8, then this
> task is quite simple:
> 
> If the last byte is < 0x80, the word is valid.
> Else if the last byte is > 0xbf, the word is invalid.
> Else if the second to last byte is >= 0xc0 and <= 0xdf, the word is valid.
> Else if the third to last byte is >= 0xe0 and <= 0xef, the word is valid.
> Else if the forth to last byte is >= 0xf0 and <= 0xf7, the word is valid.
> Else the word is invalid.

I'm thinking I could include this in the Markov mode itself, provided we run with --enc=utf8. Would that be sane?

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.