Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAJ9ii1FFYjtRfjm+ny3VeTSRDZnYy6iAYWEgZ7Fg1kxGxxEwOA@mail.gmail.com>
Date: Mon, 13 Jun 2016 09:54:26 -0400
From: Matt Weir <cweir@...edu>
To: passwords@...ts.openwall.com
Subject: Re: Derive stats/rules/masks from a bunch of plains

For John the Ripper, the best automatic rule generator that I'm aware of is
bartavelle's which is available at:

https://github.com/bartavelle/rulesfinder

It doesn't do passphrases though, and it's been a number of years since
it's been updated. Side note, automatically breaking up passphrases is
a really tricky problem unless the person creating them was nice enough to
capitalize each of the words. Part of this is due to poor input
dictionaries. Heck even determining keyboard combos is not exactly
straightforward since you'd be surprised how many real words follow a
partial keyboard walk.

If you are looking for more experimental work, you can check out my pcfg
guess generator at:

https://github.com/lakiw/pcfg_cracker

It's still *very* much in development so unfortunately it doesn't support
longer cracking sessions at this moment. That being said, the training
program breaks down a lot of statistics about the training password set
that you might be able to use. It doesn't currently display them to the
screen so you'll need to dig into the rules directory yourself. If you do
use it please feel free to give me feedback and I apologize in advance for
my horrendously late replies :)

Matt

On Sun, Jun 12, 2016 at 4:26 AM, Patrick Proniewski <patpro@...pro.net>
wrote:

> Hi,
>
> On 11 juin 2016, at 17:09, Michal Špaček wrote:
>
> > You can also try DigiNinja's Pipal:
> https://digi.ninja/projects/pipal.php
>
>
> Thanks, it looks interesting. I'll definitively add it to my toolbox. On
> the vocabulary side, it fails splitting pass phrases into dictionary words.
> For 10 years old dumps it's not so important, but for recent dumps it's a
> problem.
>
> pat

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.