Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <A87087F7-743F-46D1-827F-F98FABFEC992@sl-chat.de>
Date: Wed, 6 May 2009 17:28:48 +0200
From: SL <auditor@...chat.de>
To: john-users@...ts.openwall.com
Subject: generating john.conf rules from password lists

Hello List,

first of all I wish to thank you all for your contributions, I have  
been a leech for the past two years or so and now finally decided to  
participate myself.

I will start with a question that I have been pondering about for  
quite a while now with no practical result:
Are there any serious approaches to generate john.conf wordlist rules  
based on existing password lists (or a fairly large john.pot, for  
example)?

Say, if I do a simple quick analysis on my john.pot (with currently  
13,434 entries):

sed "s/^[^:]*://;s/[A-Z]/U/g;s/[a-z]/l/g;s/[0-9]/0/g;s/[[:punct:]]/./ 
g;s/Ul\{5,\}/Word/g;s/ll\{5,\}/word/g" john.pot | sort -n | uniq

I'll get 1,282 "patterns" to consider for adopted mangling rules.

I use following replacement scheme: U for uppercase letters, l for  
lowercase letters, 0 for digits, . for punctuation and "word" resp.  
"Word" for 6-or-more-letter-sequences that potentially form a  
dictionary word.

Is my approach well understood? (And reasonable at all?)

Now -- how can I transform this into reasonably crafted mangling  
rules? Minga? Anyone?

Looking forward to reading your thoughts.
Seb

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.