Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <2E74D890-1A89-4B1C-ABE3-4E4011B3625A@kabelsurfer.com>
Date: Sat, 28 Dec 2019 19:43:22 +0100
From: john-user@...elsurfer.com
To: john-users@...ts.openwall.com
Subject: [Prince mode] Generate passwords following some rules?

Hi,

I am trying to recover my own lost password that I am unable to remember.

But I hope I do remember the password’s „structure“ correct. As far as I remember it could be something very easy: Some capitalized words concatenated followed by zero to four digits and an optional exclamation mark xor number sign (#).

If I had to express it as a regex it would be: ^((?:[A-Z]?[a-z]+)+)([0-9]{0,4})(!|#)?$

You could also abstract three groups:

1. Concatenated capitalized words
2. Zero to four digits (may also following some „format“, e.g. date)
3. Zero or one special characters

Btw: I do know that this kind of passwords are not secure - but security was not the primary concern for setting a password for this file.

Now I have collected some guesses for group 1 (the „capital words“ that need to get concatenated), group 2 (the digits) and obviously group 3 (the special characters).

My first attempt was to list all the words per line, including some of the possible numbers and the two special signs and feed that list into prince mode.

E.g.:

This
Are
My
Words
01
1
1022
12
#
!

But this leaded to candidate passwords like 12122012, 1110112 etc. pp. Furthermore the candidate passwords were limited by character count but if at all it should limit selected words (non numbers / special char), digits/numbers and special characters on their own.

Unfortunately I was not able to tell Prince mode to follow some „design rules“ for its concatenation procedure. Additionally I don’t think that generating a bunch of „invalid per design“ passwords and filtering them afterwards via an external filter is the right decision concerning speed and my personal case (I don’t want to get as much correct passwords as possible but only one single).

Apart from the possibility of coding some script that generates appropriate candidate passwords and handing those over to JtR (btw: I think I have not correctly understood the difference between --stdin and --pipe: does JtR read in both cases from stdin but only allowing modifications to the input (rules / masks) by using --pipe?) is there any chance to simply tell Prince mode which „design rules“ it should follow, e.g. by providing some regex or the like.

If this is currently not possible, I think this would be a great feature. Wouldn’t it?

Reds,
John-User

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.