Message-ID: <CANnLRdiXmuD7wRP4U4d3k1G=EMv6hTxKkFpnuZHV2gQPaf8D5w@mail.gmail.com>
Date: Fri, 26 Apr 2013 10:41:53 -0600
From: Stephen John Smoogen <smooge@...il.com>
To: john-users <john-users@...ts.openwall.com>
Subject: Re: Charset filters and options

On 25 April 2013 21:57, Rich Rumble <richrumble@...il.com> wrote:

> On Thu, Apr 25, 2013 at 11:09 PM, Stephen John Smoogen <smooge@...il.com> wrote:
>
> > On 25 April 2013 20:04, Rich Rumble <richrumble@...il.com> wrote:
> >
> > > On Thu, Apr 25, 2013 at 9:37 PM, Rich Rumble <richrumble@...il.com> wrote:
> > > that A-Z were used in
> > >
> > > Also shouldn't Alpha be 27 and Alnum 37 for 0x32? I see the filters don't
> > > have space in them, so I understand why they aren't, never noticed
> > > before...
> > >
> >
> > I have a bad headache so I am not following with why space would be there?
> >
>
> Yeah I shouldn't have sent that :) I realized it's too late for me, I need
> some sleep, disregard the 27/37 :)
>
> >
> > then do a john --make-charset from that. I may tailor the grep down a bit
> > more depending on what I am hoping to catch first. If I know that the rules
> > required 1 upper, 1 number, lowercase, I do something like:
> >
>
> The auditing I do that pays the bills always involves Pwd-Policies like
> 1Upper, 1 digit or 1 special at least 8 long, which is a requirement that
> most websites or dumps you find on insidepro/pastebin etc don't have. I'll
> have a closer look at making alnum into 62 chr's again tomorrow and seeing
> what's up. All.chr typically works, but alnum still seems to be useful as
> well, even with policies in place :) I'm more curious as to why it's always
> been 36 (afaik) as opposed to 62. I can see that there is in fact little
> need for upper 90% of the time however. (g-night)
>

I find that for these policies you get the most bang for the buck with special wordlists, as people will default to what is simplest.

    >7 cAz"[0-9]"
    >7 cAz"[!@...^&*()]"

grabs most. The second highest I have seen is

    >7 cA0....

After that people like to put numbers between words, which requires a bit more trickiness. [One can probably do this with a john rule of substituting [:space:] with 1 or something, but I haven't gotten that to work. Instead I end up writing some sort of python script using a dictionary of 2-4 letter words and printing out capitalized words, numbers or special in the spaces, and going from that. Then depending on the encryption algorithm being chosen I limit the dictionary down to the most common words etc. to make sure I don't end up spending more weeks than a password change policy to find some goofball who decided "My1Password2Is3Password" over "Asleep_tent3wit=Aid5Helix" (the first one is pretty common while the second one is not.)]

> -rich
>

--
Stephen J Smoogen.
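
An added illustration, not code from this thread: a check an auditor or a password-set filter could run to flag passwords that satisfy the policy quoted above (8 long, 1 upper, 1 digit or 1 special) yet follow the predictable templates the message describes. The word list, the function names and every sample password except the two quoted in the message are constructed for this example.

```python
import re

# Constructed stand-in for a list of very common words; a real check would
# load a larger list of common words and previously exposed passwords.
COMMON_WORDS = {"my", "is", "password", "welcome", "summer"}
SPECIALS = "!@#$%^&*()"


def meets_policy(pw):
    """Policy from the thread: at least 8 long, 1 upper, 1 digit or 1 special."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.isdigit() or c in SPECIALS for c in pw))


def structure(pw, words=COMMON_WORDS):
    """Name the predictable template a password follows, or 'other'."""
    # Template 1: one capitalized common word with digits or specials appended.
    m = re.fullmatch(rf"([A-Z][a-z]+)([0-9]+|[{re.escape(SPECIALS)}]+)", pw)
    if m and m.group(1).lower() in words:
        kind = "digit" if m.group(2)[0].isdigit() else "special"
        return "capitalized word + " + kind
    # Template 2: several common words with digits used as separators.
    parts = [p for p in re.split(r"[0-9]+", pw) if p]
    if len(parts) >= 2 and all(p.lower() in words for p in parts):
        return "common words joined by digits"
    return "other"


def audit(passwords):
    """Map each policy-compliant password to the template it follows."""
    return {pw: structure(pw) for pw in passwords if meets_policy(pw)}


# Constructed sample; the last two strings are the ones quoted in the message.
SAMPLE = ["password", "Password1", "Welcome!",
          "My1Password2Is3Password", "Asleep_tent3wit=Aid5Helix"]

if __name__ == "__main__":
    for pw, template in audit(SAMPLE).items():
        print(f"{pw:28} {template}")
```

Anything that comes back with a template other than "other" passes the complexity policy on paper while remaining easy to guess, which is the point the message makes about the two quoted passwords.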