Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CABeUhwvHzt6HX1ZtMbdFb7d6y8_AYQJTabeOUSE5pBEH=dryuQ@mail.gmail.com>
Date: Sun, 17 Jun 2012 16:52:20 +0200
From: newangels newangels <contact.newangels@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Magic Escape Sequences in Rules

Hi,

Well, it's not my post, but just whant to thanks "FRANK" ( other's
Master's dev's also for sure ) for his effort's & time.

It's allways an nice to see & read ppl sharing them knowledges & time
& think that have to be highlighting. time to time ;-)

Regards,

Donovan

2012/6/17, Frank Dittrich <frank_dittrich@...mail.com>:
> On 06/17/2012 07:52 AM, NeonFlash wrote:
>> I have the following rules which I would like to modify and in order to do
>> that, first I need to get a grasp of how they work:
>>
>> -[c:] >4 <- \p[c:] i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>>
>> This will add the special characters everywhere in the string. Here is
>> what I have understood:
>>
>> -[c:] - reject the rule if the hash type is not case sensitive.
>
> Not exactly.
> This gets expanded to 2 rules:
>  -c
>  -:
> The first one means: reject the rule if the hash type is not case
> sensitive.
> The second is a dummy (the rule is not rejected)
>
>>> 4 - reject the candidate password if its length is less than 4
>
>  >4 rejects the candidate password if its length is less than or equal to
> 4.
>
>> <- the length of the candidate password should be less than max_length-1
>> (max_length is maximum length supported for that hash type)
>
> max_length is maximum length supported for that hash type or maximum
> length supported for the current format implementation (this one can be
> smaller than the actual maximum length supported for that hash type, for
> performance reasons.
>
>
>> \p[c:] - \p is the magic escape sequence.
>>
>>
>> According to documentation: \p before a range to have that range processed
>> "in
>> parallel" with preceding ranges.
>
> Without the \p,
>
> -[c:] >4 <- [c:] i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> would get expanded to
>
>  -c >4 <- c i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>  -c >4 <- : i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>  -: >4 <- c i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>  -: >4 <- : i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> (plus expansion of the [0-5] and [!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
> ranges)
>
> We want just 2 of these 4 expansions:
>
>  -c >4 <- c i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>  -: >4 <- : i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> This is exactly what the \p does here.
> It just reduces the number of rules in a way that the first character of
> the range following the \p is used when the expansion of the previous
> range used the character in the first position, and so on.
>
>
> The first version capitalizes the word, but does so only if the hash
> type is case sensitive.
> The second version could also be written as
>
>  >4 <- i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> Because the range [c:] is exactly the same in both cases,
>
> -[c:] >4 <- \p[c:] i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> could have been written as
>
> -[c:] >4 <- \p\0 i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> \0 would refer to the previous range.
>
> Since the previous range in this example is the first range, you could
> also use
>
> -[c:] >4 <- \p\1 i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> (This is useful if you want parallel processing with another range than
> the previous one.
>
> So, the \p just helps to reduce typing when writing the rules, and
> prevents you from needing to adjust several different places if you
> realize you want to add another character, remove a character, or just
> change the sequence of characters in the last range.
>
>
>>
>> However in our rule, [c:] is not a range. So, does it allow parallel
>> processing for the following two rules:
>> [c] - capitalize
>> [:] - no operation?
>
> The [c:] is a range of 2 different characters which requires expansion
> into two different rules.
>
> From doc/RULES:
>
> |  In the following paragraph describing the escapes, the
> | word "range" refers to a single instance of a mix of character lists
> | and/or ranges placed in square brackets as illustrated above.
>
> In the first range, c and : are used as qualifiers for the - (rule
> rejection command), in the second case they are used as word mangling
> rules.
> The rule expansion logic doesn't care, it will just expand those ranges
> (from right to left), inserting each character specified (from left to
> right), unless it finds a \p.
>
>> i[0-5][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*] - This will pick a special
>> character from the list and place it in different positions, 0 to 5.
>
> Right.
>
>
>> Similarly, I would like to understand the meaning of the magic escape
>> sequences, \p1 and \p2 in the following rule:
>>
>> -[c:] >[5-8] <- \p1[c:] i\p2[6-9][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
> range 1 is [c:], range 2 is [5-8], so the second [c:] is processed in
> parallel with the first one, while [6-9] is processed in parallel with
> [5-8].
>
> Again, this could have been written as
>
>  -[c:] >[5-8] <- \p1\1 i\p2[6-9][!$@...^&()_+\-={}|[\]\\;'":,/<>?`~*]
>
>  \1
> would mean: take the same characters as in the range 1 when doing
> parallel processing.
>
> As you see, ranges processed in parallel don't need to use the same
> characters, they just need to have the same number of characters.
>
> Frank
>

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.