Message-ID: <54089.149.9.0.27.1156854779.squirrel@www.jpberlin.de>
Date: Tue, 29 Aug 2006 14:32:59 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: Using a pre-computed list of alphanumeric 
     strings. (not rainbow tables)

> Why would you have to generate that for every salt? When you have a word
> list, it's just a plain text dictionary file, and John uses that.
>
> I guess I overlooked something.....when I was cracking NT hashes with
> pre-generated rainbow tables.... I could do it fast and effectively because
> the hash could be broken into two 7 char strings, so really you are only
> cracking 7 chars at a time....a MUCH smaller list than having a table of all
> possible 14char alphanumeric combinations....
>
> Thanks.

Because somebody mentioned the space needed to store "Rainbowtables":
This space can be reduced dramatically using the "right" compression
algorithm.

I will (again) mention LZMA because it compresses REALLY awesome.
But instead of "words" I'll show you an example:

godfather $ du -h phatbot_current_source.tar.lzma
7.0M    phatbot_current_source.tar.lzma
godfather $ time lzmash -d phatbot_current_source.tar.lzma
    0m4.63s real     0m1.77s user     0m0.42s system
godfather $ du -h phatbot_current_source.tar
182M    phatbot_current_source.tar

This is the PhatBot (aka Agobot3) source code including A LOT of variants and
plugins and foo. As you can see I'm able to compress it down to 7MB.

Comparing lzma to gzip and bzip2:

godfather $ gzip -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.gz
57.8M   phatbot_current_source.tar.gz
godfather $ time gunzip phatbot_current_source.tar.gz
    0m12.83s real     0m1.12s user     0m0.30s system
godfather $ bzip2 -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.bz2
52.4M   phatbot_current_source.tar.bz2
godfather $ time bunzip2 phatbot_current_source.tar.bz2
    0m19.24s real     0m12.33s user     0m0.32s system

Results (time) are maybe NOT correct because I have 2 running JtRs.
LZMA decompresses much faster than bzip2 but mostly a little bit slower
(not very much, just a little bit) than gzip.

I did not test how long it takes to compress because for really BIG files
you may need hours to compress it with LZMA.

Downsides of LZMA:

- You need a LOT of RAM to compress with the "best" values (even I didn't
  compress it with the BEST values because I just have 2Gb).
- It may take hours to compress (depends on the original filesize)

Advantage:

- It decompresses much faster than bzip2
- It's VERY usable for stuff you may compress ONCE but decompress/use a lot

Decompression engine is about ~10kb so it won't make &your program here&
that fat.

And that LM can be split into 7 char blocks is right and this means
you just need a rainbowtable up to 7 chars because a PW of about 12 chars
gets split into 7+5 and should get broken absolutely fast.

So conclusion: It may even make sense to enable JtR to use Rainbowbooks,
at least for such weak algorithms.
It will become kinda useless for Blowfish or maybe even MD5 but for DES/LM
it may make sense (combined with a good compression).

Kind regards,
Rembrandt
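
An added example, not part of the original message: a Python comparison of the same three compressors on two constructed inputs, going beyond the single tarball measured above. It assumes the standard-library gzip, bz2 and lzma modules in place of the command-line tools; the corpus sizes, seeds and function names are made up for illustration. gzip only looks back 32 KiB and bzip2 works in blocks of at most 900 kB, while LZMA at preset 6 keeps an 8 MiB dictionary, so only LZMA can exploit repeats that sit 1 MiB apart, and none of the three shrinks random-looking data.

```python
import bz2
import gzip
import lzma
import random


def random_bytes(size, seed):
    """Deterministic pseudo-random (incompressible) bytes, constructed sample data."""
    return random.Random(seed).getrandbits(8 * size).to_bytes(size, "little")


def make_variants(base_size=1 << 20, copies=4, edits=64, seed=1):
    """Constructed corpus: a 1 MiB base repeated as near-identical variants,
    standing in for an archive that holds many variants of the same files."""
    rng = random.Random(seed)
    base = random_bytes(base_size, seed)
    out = bytearray()
    for _ in range(copies):
        variant = bytearray(base)
        for _ in range(edits):  # a few scattered one-byte changes per variant
            variant[rng.randrange(base_size)] = rng.getrandbits(8)
        out += variant
    return bytes(out)


def compressed_sizes(data):
    """Compressed size in bytes per tool; legacy .lzma container as in the post."""
    return {
        "gzip -9": len(gzip.compress(data, compresslevel=9)),
        "bzip2 -9": len(bz2.compress(data, 9)),
        "lzma": len(lzma.compress(data, format=lzma.FORMAT_ALONE, preset=6)),
    }


def report(name, data):
    """Print the size and ratio each compressor achieves on one input."""
    print(f"{name}: {len(data)} bytes")
    for tool, size in compressed_sizes(data).items():
        print(f"  {tool:9s} {size:9d}  ({size / len(data):.1%})")


if __name__ == "__main__":
    report("variants of one base", make_variants())
    report("random-looking data", random_bytes(1 << 20, seed=2))
```

Running a sample of the real table data through `compressed_sizes` before choosing a format shows which of the two cases it resembles.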

