Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130331082010.GA445@openwall.com>
Date: Sun, 31 Mar 2013 12:20:10 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: De-duping NT ruleset

Rich,

On Sat, Mar 30, 2013 at 08:02:59PM -0400, Rich Rumble wrote:
> I ran a small test on "NT" using a simple set of letters:
> aaaaaaaaaaaaA
> AaAaAaAaAaAaa
> aaaaa
> AAAAA
> 
> That produced 16448 cadidates, and half are repeats, it should be 8224
> unique cadidates. I changed NT to be like this instead (below), and it only
> produces 8224 like I believe it's supposed to.

You can't reliably adjust a JtR ruleset to avoid producing duplicates
stemming from similarities across multiple input words, without also
missing some desirable candidate passwords on other valid inputs.  This
is a fundamental problem, it is not specific to the NT ruleset.  Thus,
what you have done is introduce a bug: on other valid inputs, your
NT_Length will miss some passwords that NT would produce.  This is easy
to see:

$ cat w
aaaaaaaaaaaaA
$ ./john -w=w -ru=NT_Length -stdo|sort -u|wc -l 
words: 4096  time: 0:00:00:00 DONE (Sun Mar 31 12:10:09 2013)  w/s: 45511  current: AAAAAAAAAAAAa
4096
$ ./john -w=w -ru=NT -stdo|sort -u|wc -l
words: 8192  time: 0:00:00:00 DONE (Sun Mar 31 12:10:11 2013)  w/s: 102400  current: AAAAAAAAAAAAa
8192

... or is this on purpose, with NT_Length being intended for use on some
special cases of input files, not on all?  If so, that's inconsistent
with the original purpose of the NT ruleset; perhaps you'd need to call
your ruleset differently and explain what inputs it is valid for, then.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.