Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <2F71E016-009C-4C34-BF1F-64072A6DF941@m.patpro.net>
Date: Wed, 9 Nov 2016 14:50:33 +0100
From: p+password@...atpro.net
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: alter default rules or filter, best way to focus on proper candidates?

Hello,

I would like to use mangling rules with --wordlist or --loopback in a way they produce a reduced set of candidates, like "every candidates that are lowercase", "every candidates that have no digits", etc.

What would be the best way to use (jumbo's) wordlist rules that come with John but without any of them that creates candidates featuring upper case characters (or lower case, or digits…). I guess I could use a john process to create candidates then filter out those that don't match my criteria, but on fast hash I'm not sure it's interesting.
I'm currently trying to modify every single rule that can produce upper case characters, but it's a lost battle: so many different rules, so many possibilities, and in the end work has to be re-done when I want to get rid of candidates including digits or whatever other type of character.

I've made a few test with/without --external : 

$ time ./john --wordlist=spanish.dic --rules=jumbo --external=Filter_LowerNum --max-length=10 --stdout >/dev/null 
Press 'q' or Ctrl-C to abort, almost any other key for status
120562226p 0:00:02:13 100.00% (2016-11-09 14:20) 903828p/s zzuzoz

real	2m13.396s
user	2m13.266s
sys	0m0.055s

$ time ./john --wordlist=spanish.dic --rules=jumbo --max-length=10 --stdout >/dev/null 
Press 'q' or Ctrl-C to abort, almost any other key for status
221810292p 0:00:01:41 100.00% (2016-11-09 14:18) 2186Kp/s ZURRUMBERA

real	1m41.462s
user	1m41.349s
sys	0m0.079s

$ time ./john --wordlist=spanish.dic --rules=jumbo --stdout >/dev/null 
Press 'q' or Ctrl-C to abort, almost any other key for status
574580426p 0:00:02:13 100.00% (2016-11-09 14:27) 4293Kp/s zarrapastrosame

real	2m13.832s
user	2m13.345s
sys	0m0.417s

--external allows me to filter out about half the candidates, but total exec time is ~30% longer.
--max-length=10 costs me a lot too, with a number of candidates per second divided by 2

Eventually I'm considering this:

$ ./john --test --format=Raw-SHA1
Benchmarking: Raw-SHA1 [SHA1 128/128 AVX 4x]... DONE
Raw:	19915K c/s real, 19764K c/s virtual

If I understand correctly, "./john --wordlist=spanish.dic --rules=jumbo" will not create candidates as fast as it could consume them against Raw-SHA1. So I probably should not bother filtering or limit length, even if I know that without any filter 4 candidates out of 5 are a waste of CPU cycles.

Am I correct?

patpro

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.