Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20080807205352.GB22776@openwall.com>
Date: Fri, 8 Aug 2008 00:53:52 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: how to parse passwords with some known letters

On Sat, Jul 26, 2008 at 07:38:00PM +0200, Helmut Hullen wrote:
> I've seen that about 10% of the restored passwords end with "oo" (7 or 8  
> characters), and about 30% contain somewhere "oo".
> 
> Can I tell "John" at least the case that many passwords may end with  
> "oo"?

There are two reasonable things you can do:

1. If you have a large number of passwords already cracked, and it
sounds like you do, then generate a custom .chr file based on those
passwords (that is, on your john.pot).  This is described in the
documentation for JtR:

	http://www.openwall.com/john/doc/EXAMPLES.shtml

currently, that's example number 7.

The .chr file will have information on relative frequencies of different
character triplets, at different character positions and for different
password lengths, embedded in it.  So it will "know" that "oo" is common,
just how common it is relative to other character combinations, after
what preceding characters, in what character positions, and for what
password lengths.

2. Force JtR to try passwords ending in or containing "oo" only.  This
can be done with an external mode - either a complete one or a filter()
to be used along with another cracking mode.  The filter() could in fact
filter or it could append or insert the "oo".  You've already found some
examples of how that is done:

> I've studied
>   http://article.gmane.org/gmane.comp.security.openwall.john.user/1662
>   http://www.openwall.com/lists/john-users/2008/05/20/2
>   http://www.openwall.com/lists/john-users/2008/03/31/1
> 
> but (sorry) I didn't understand how to make rules for this case.

Well, my recommendation is that you go with a custom .chr file, unless
the number of already-cracked passwords is too small.

Please let john-users know of your progress with this, and we might be
able to provide further advice.

Thanks,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.