Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <12E0B65F-02C3-4393-8936-E6C7218822FA@gmail.com>
Date: Fri, 28 Apr 2017 14:48:12 -0700
From: B B <dustythepath@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: How to stop consideration of repeated characters

Thank you,
This is very helpful information.
> <john-users-subscribe at lists.openwall.com> Apr 28, 2017, at 1:44 PM, Solar Designer <solar@...nwall.com> wrote:
> 
> Hello Bill,
> 
> On Fri, Apr 28, 2017 at 01:30:40PM -0700, B B wrote:
>> I am new to JtR and am trying to recover a lost password for which I have both a probable beginning and end. I also have a limited character set for the middle of the password.
>> 
>> I have been using Crunch to generate word lists but these lists have repeated characters such as [known}aaab[known]. I know for a fact there are NO repeated characters in my lost password but can not find any mention of a rule? to reject them. 
> 
> This is tricky and most likely unreasonable to do.  What hash or file
> type are you attacking?  How fast does the attack go?  It is unlikely
> that reducing the keyspace by such a small margin is going to
> significantly improve your chances of cracking that password within the
> timeframe you're willing to allocate.
> 

I am attacking a FileVault sparsebundle img hash retrieved with dmg2john (AES256) so realize I must seriously cut down on the possibilities. I have 10 years of data locked away from the simple mistake of creating a 2nd admin account on my laptop to edit my main account. When I checked a Filevault checkbox I did not realize it would RE-encrypt everything to the new admin account and even nullify the original FileVault key.  I promptly deleted the account and forgot the password after doing what I needed to do. Sort of stupid, but more like a sloppy mistake.
I am using 1.80 Jumbo.


>> Another question, to get around the use of Crunch, is can I quote a fixed/known character string at the beginning and the end in a rule?
>> 
>> Such as ???pass???A-z???word????
> 
> You don't need Crunch.  With recent JtR -jumbo, you can achieve the same
> with its mask mode, e.g.:
> 
> john -9='?l?u' --mask='pass?9?9?9?9word' passwd-file-here
> 
> or e.g.:
> 
> john -9='?l?u' --mask='pass?9?9[aeiou]?9word' passwd-file-here
> 
> to restrict one of the characters to a smaller set.  You can also use
> character ranges, etc.
> 


> To likely significantly improve your chances, you can use e.g.:
> 


> john --inc=alpha --min-len=12 --max-len=12 --mask='pass?wword' passwd-file-here
> 

./john --inc=LowerNum --min-len=12 --max-len=12 --mask=‘pass?wword’


This seems to work fine. Hmm, about 3 weeks with my configuration with 5 unknowns, guess I’ll fire up another box!!!
I may have to do several of these at different lengths, maybe up to 6 characters which I'm not sure is possible. I am prepared to spend electricity on this problem. ;)

> so that the 4 character (in this example) portion in the middle is
> filled with character sequences sorted for decreasing estimated
> probability based on character frequencies in other passwords.
Is this something I create (other passwords) or what is built into the config file already that you are referring to? ( I believe I’ve read I can create such a file).

>  Things
> like this can make far greater difference than omitting a small fraction
> of the keyspace would.
> 
Custom.chr?

 I know for a fact I did not use z, x or q. Now I could go with —inc LowerNUM which shouldn’t be to bad in iterations of 4 and 5 unknown characters. Are you saying, to be clear that the difference between LowerNUM and a custom character set is not efficient? I note that LowerNum is about 36 vs 27 I am fairly certain about. 

Thank you



> Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.