|
Message-ID: <20070128073750.GB31036@openwall.com> Date: Sun, 28 Jan 2007 10:37:50 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: how to find a password of 16 digits I've already provided a fairly elaborate response (yes, I had to postpone this until the weekend), but I'll comment on further postings on this topic as well: On Fri, Jan 26, 2007 at 12:33:12PM +0000, Johnny wrote: > After hours I now that I have the choice between these three alternatives: > - make my won 16digits.chr > - compile an external mode or > - generate a wordlist. > > Right or are there some more possibilities? You've described the above ones poorly. Yes, you can make your own 16digits.chr (or digits16.chr as I've called it in my previous response that I've just posted), however this requires that you recompile JtR from source first (see my previous response). You can also define an external mode. You do not need to explicitly compile it; JtR does that for you transparently at startup. You cannot reasonably generate a wordlist and save it to a file because it would be too large (see my previous message). However, either one of the two approaches mentioned above (a custom JtR build with a custom .chr file or an external mode) can be used to have JtR send such a wordlist to stdout, letting you pipe it into another program. > If I try to compile an external mode, my john.ini looks like this: > [List.External:MyDigits] > void init() > { > > word[15] = $[0-9]; ... This (and the rest of it) doesn't make sense, which is why it also doesn't work. This one works: [List.External:Digits16] int maxlength; // Maximum password length to try int length; // Current length void init() { int minlength; minlength = 16; // Must be at least 1 maxlength = 16; // Must be at least same as minlength length = 0; while (length < minlength) word[length++] = '0'; // Start with all 0's word[length - 1]--; word[length] = 0; // NUL termination } void generate() { int i; i = length - 1; // Start from the last character while (++word[i] > '9') // Try to increase it if (i) // Overflow here, any more positions? word[i--] = '0'; // Yes, move to the left, and repeat else // No if (length < maxlength) { word[i = ++length] = 0; // Switch to the next length while (i--) word[i] = '0'; return; } else { word = 0; return; // We're done } } void restore() { length = 0; // Calculate the length while (word[length]) length++; } However, it is unusable in practice because the number of candidate passwords that it tries to produce is too large. Well, you can let it run for a year, but your chances of it hitting the right password are slim. You need to customize it some further with other information on your target password (e.g., fix the first few digits). > For this task a little charset would be sufficent for me. Could someone make > me a charset file for a 16 digits incremantal mode, please? It won't work with a standard build of JtR, and if you do a rebuild as I've explained in my previous response, you can also generate a .chr file on your own easily. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.