Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <cb20b09fc922c957617f68ebcb888149@smtp.hushmail.com>
Date: Tue, 20 Nov 2012 00:45:43 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

On 19 Nov, 2012, at 23:56 , Richard Miles <richard.k.miles@...glemail.com> wrote:
> On Mon, Nov 19, 2012 at 2:09 PM, magnum <john.magnum@...hmail.com> wrote:
> On 19 Nov, 2012, at 16:39 , Richard Miles <richard.k.miles@...glemail.com>
>> wrote:
>>> B.1) Once a new password is cracked with Markov should not be useful to
>> get this information to update the stats file and recalculate the
>> probabilistic? It may be wrong, but I guess that for example with a good
>> amount of passwords cracked with Markov if we used this data to modify the
>> stats "on the fly" it could give better results, not?
>> 
>> You will never have a perfect stats file. Given that, your suggestion will
>> amplify the errors instead of making things better: Let's say your stats
>> file have too much weight for the letter 's' so you crack a lot of password
>> containing 's'. While this is a good thing, the downside is you missed (for
>> the sake of example) nearly all passwords containing a 'q'. Now, if you use
>> these results to modify your stats file, you get even more weight to 's'
>> and even less weight to 'q'.
>> 
> 
> Humm.. this makes sense. This idea of weight for chars looks similar to me
> to word frequency. Isn't it the principle for incremental mode?

My description of the "scenario" was a lot simplified (and in fact generic - it applies to any way of producing candidates unless you exhaust the keyspace). I just randomly chose the word "weight" while in fact it might be that tri-graph voodoo magic or whatever.

>> This is why the RockYou list is so much better than any list of cracked
>> passwords. Because the passwords were stored in the clear, the RockYou list
>> is a complete list of passwords from a large user base, not just the ones
>> that were cracked using some sort of method that will (always) have more or
>> less of errors like the (extreme) example I gave above.
>> 
> 
> Cool, this makes a lot of sense. But on the other hand since there was no
> password policy enforcement this may not be good for such situations. At
> least it's what I learned until the moment :)

One way to attack that is running the RockYou list through a policy filter (be it John's external filter, a perlscript or just good ol' grep) and produce a subset that only contains passwords that pass your policy. Then create a stats file (or a charset file for incremental mode) from that. While this is not as good as if RockYou would have that policy in place, I bet it will be excellent.

>>> D.1) This one is for Magnum again since he always improve jTr with
>> amazing small features that make our files easier. Today calculate the time
>> that Markov will run based on time is a bit of pain as described here
>> http://openwall.info/wiki/john/markov
>>> 
>>> Do you think that you could add a new command-line option to automate
>> it? For example, maybe we could do something like
>> --markov=autoadjust-10800:0:0:13 whre jTr would calculate itself the best
>> possibility of markov level based on the current password cracking speed of
>> the target hash and autoadjust it to run during 3 hours (10800). What do
>> you think?
>> 
>> That would be nice, but I currently don't have time and inspiration to do
>> anything like that. Doing it inside JtR itself might be a lot more tricky
>> than it might seem. It's probably a lot easier to make a trivial script
>> that accomplishes what you want.
>> 
> 
> Sorry, I was not aware it was tricky. I will try to do an script or
> something like that.

I'm not sure it's that tricky, I just guess it is. And I do like the idea. You could always add it to the wiki wish-list. Someday, someone might get the idea to implement it.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.