Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100222175925.GA23727@openwall.com>
Date: Mon, 22 Feb 2010 20:59:25 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: New updated lanman.chr based on RockYou Data

On Fri, Feb 19, 2010 at 11:27:35AM -0600, Minga Minga wrote:
> I decided to go ahead and make a replacement for lanman.chr based on the
> rockyou dataset.

Thank you!

> To give you an idea how it was created, I performed the following commands:
> 1) Taking the rockyou list - and converting to upper case.
> 2) cut -b 1-7 rockyou.dic >> lanmanrockyou.dic
> 3) cut -b 8-14 rockyou.dic >> lanmanrockyou.dic
> 4) cut -b 15-21 rockyou.dic >> lanmanrockyou.dic
> 5) generated LANMAN hashes for all entries in lanmanrockyou.dic
> 6) cracked all the LANMAN hashes

If/when you actually perform steps 5 and 6, then step 4 does not matter.
It may affect the time needed for steps 5 and 6, but it should not
affect the resulting .chr file.

However, if/when you omit steps 5 and 6 (and you mentioned that you
started doing that), then step 4 probably hurts, resulting in a .chr
file that is less optimal for actual LM hashes.

> 7) generated a .chr file from the cracked hashes.

Did you use "--external=Filter_LanMan" along with "--make-charset"?
With your steps 5 and 6 (and nothing else in john.pot) this shouldn't
make a difference, but if you omit steps 5 and 6 then using this filter
is a must.

To summarize, you have two approaches to choose from:

A. Perform steps 1, 2, 3, 5, 6, 7.  (In fact, you could simplify/avoid
steps 1, 2, 3 - just LM-hash the RockYou list.)

-or-

B. Omit steps 5 and 6 from the above, but instead use Filter_LanMan.

Just to provide the context right here, the filter is:

[List.External:Filter_LanMan]
void filter()
{
	int i, c;

	word[7] = 0;			// Truncate at 7 characters

	i = 0;				// Convert to uppercase
	while (c = word[i]) {
		if (c >= 'a' && c <= 'z') word[i] &= 0xDF;
		i++;
	}
}

Thanks again,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.