Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <A87087F7-743F-46D1-827F-F98FABFEC992@sl-chat.de>
Date: Wed, 6 May 2009 17:28:48 +0200
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: generating john.conf rules from password lists

Hello List,

first of all I wish to thank you all for your contributions, I have  
been a leech for the past two years or so and now finally decided to  
participate myself.

I will start with a question that I have been pondering about for  
quite a while now with no practical result:
Are there any serious approaches to generate john.conf wordlist rules  
based on existing password lists (or a fairly large john.pot, for  
example)?

Say, if I do a simple quick analysis on my john.pot (with currently  
13,434 entries):

sed "s/^[^:]*://;s/[A-Z]/U/g;s/[a-z]/l/g;s/[0-9]/0/g;s/[[:punct:]]/./ 
g;s/Ul\{5,\}/Word/g;s/ll\{5,\}/word/g" john.pot | sort -n | uniq

I'll get 1,282 "patterns" to consider for adopted mangling rules.

I use following replacement scheme: U for uppercase letters, l for  
lowercase letters, 0 for digits, . for punctuation and "word" resp.  
"Word" for 6-or-more-letter-sequences that potentially form a  
dictionary word.

Is my approach well understood? (And reasonable at all?)

Now -- how can I transform this into reasonably crafted mangling  
rules? Minga? Anyone?

Looking forward to reading your thoughts.
Seb

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.