Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <160ea7297dfb1d49aed0f034b79355ed@smtp.hushmail.com>
Date: Fri, 08 May 2015 23:59:31 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Advise on best approach (truecrypt pw based on pdf
 file)

On 2015-05-08 23:19, magnum wrote:
> On 2015-05-08 19:47, Demian Smith wrote:
>> I've recently lost my truecrypt PW and am thinking to approach the
>> recovery with JtR but am unsure about the best approach to do so. So
>> hopefully I could get a couple of pointers into the correct direction of
>> setting it up.
>>
>> I know a couple of facts, which hopefully make it feasible in the first
>> place:
>> - I have created the password from a random page of a random book¹
>> - First letter MUST be capital
>> - No numbers or diacritics,
>> - Likely only I as second capital letter
>> - No digits
>> - Probably 5 -12 chars (I imagine it to be around 8, but that's guessing)
>
> Are you saying the password is made up from initial letters of a
> sentence? As in "To be or not to be, that's the question" -> "Tbontbttq".

Trying your sed magic, this seems to be the case. But did you use the 
first sentence on a page, or a random one?

>> At the moment I have tried creating a fake pot file from ¹ and creating
>> a chr of it and then building a incremental rule:
> (...)
>> (¹ I have tried
>> cat INFILE | sed -re 's/[?!.:]/\n/g' | sed -re
>> 's/([A-Za-z])[A-Za-z]+[^A-Za-z]*/\1/g' > outfile
>
> Did you look at outfile and see if your sed magic does everything you
> thought? You should probably just adjust it a little.

Your version did not remove all spaces and did also not handle 
one-letter words like "I" or "a". This seems to work better:

sed -re 's/[?!.:,;"]+ ?/\n/g' | sed -re 
's/([A-Za-z])[A-Za-z]*[^A-Za-z]*/\1/g' | grep -E '^[A-Z]'

It's still flawed because it keeps the original linefeeds, breaking 
sentences. I'd do it in Perl instead. Actually if you google a little 
I'd be surprised if you can't find a perfected perl script ready to use!

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.