Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20080124162934.GA18848@openwall.com>
Date: Thu, 24 Jan 2008 19:29:34 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re:  question about charsets

On Thu, Jan 24, 2008 at 01:38:58PM +0000, helleye wrote:
> from what i know it build tables that rank which char should appear next
> according the last 2 chars that already in the word
> 
> wonder if it also consider the place on the word

Yes, it does - as well as "word" length.

> for example
> abcabd 
> for ab it will count c and d ,one time in the same ranking (ab c1d1)
> 
> or split to
> 0.ab c1 
> 3.ab d1

The latter.

However, in case there's insufficient information available for a given
combination of {length, position, two preceding characters}, there are
fallbacks.  These are implemented with calls to expand() in inc.c:
inc_new_count(), as well as assignments to (*chars)[CHARSET_SIZE] in
charset.c: charset_generate_chars().

> if solar can elaborate please on how exactly it work , and maybe you have 
> ideas on how to improve , i might try to build one

Well, a possible improvement would be to use information from other
lengths before falling back to allchars, but after all other fallbacks
(for the proper length).

Also, here's some advice on how to test a potential improvement:

It is important that you use distinct sets of passwords for generating
your .chr file and for testing "incremental mode" or its replacement.

It is trivial to "improve" things in such a way that "incremental mode"
would work much better against the same set of passwords that were used
for generating the .chr file - but this is of no practical value.  At
the same time, such "improvement" is likely to make things worse under
real-world conditions (when you don't have a chance to base your .chr
files right on your target passwords).

Good luck, and do read the source code. ;-)

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: 5B341F15  fp: B3FB 63F4 D7A3 BCCC 6F6E  FC55 A2FC 027C 5B34 1F15
http://www.openwall.com - bringing security into open computing environments

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.