Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <abe51580a0b28c4ffde0299f9ae5ec49@smtp.hushmail.com>
Date: Thu, 9 Nov 2023 15:31:50 +0100
From: magnum <magnumripper@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: 1password memorable passwords

On 2023-11-09 10:53, Jimmy Yuen Ho Wong wrote:
> I'm only trying to generate a rainbow table using 1password's memorable
> password rule.

A rainbow table is something vastly different and the term should not be 
misused. You are merely compiling a wordlist!

> 1password's memorable password rule is basically the XKCD 936 rule - each
> word is randomly picked from a list of 18342 words, each word is at most 8
> characters long, and the password is 3 to 4 words long separated by
> hyphens. There are 2^56 combos and obviously I can't generate this wordlist
> on disk.

Any way you generate it can instead be used directly by a cracker, so 
storing it on disk is not needed anyway.

> I've looked at external modes and it's not obvious to me how the mini
> language handles such a large wordlist. It doesn't look like it supports
> C-strings, 2d arrays or reading a file either. Is there a smarter way to
> configure and/or script JtR such that it batches and streams a continuously
> generated wordlist without me writing a whole different mode?

For a slow mode such as DMG, a trivial perl script is probably just fine 
(you may even be able to find similar such scripts in this list's 
archives).  We have a PRINCE cracking mode that could almost do what you 
need with the 18K words list as input.  But it lacks support for putting 
the hyphens inbetween words, and if we try to work around that by 
appending a hyphen to each input word, we instead hit the max length 
limit (would need 35 for 4*8+3 while max for PRINCE is 32).

Or you could persuade someone to fix 
https://github.com/openwall/john/issues/2268 (which would also fix 
https://github.com/hashcat/princeprocessor/issues/49) - that would solve 
the problem canonically and it should actually be pretty trivial.  Alas, 
I do not have time for it.

In case you write or find a script/tool that outputs the candidates to 
stdout, you'll just pipe it like this:

some_tool | ./john dmghash.txt -stdin

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.