Subject: Re: how to parse passwords with some known letters
Date: Thursday 7th August 2008 20:53:52 UTC (over 9 years ago)
On Sat, Jul 26, 2008 at 07:38:00PM +0200, Helmut Hullen wrote: > I've seen that about 10% of the restored passwords end with "oo" (7 or 8 > characters), and about 30% contain somewhere "oo". > > Can I tell "John" at least the case that many passwords may end with > "oo"? There are two reasonable things you can do: 1. If you have a large number of passwords already cracked, and it sounds like you do, then generate a custom .chr file based on those passwords (that is, on your john.pot). This is described in the documentation for JtR: http://www.openwall.com/john/doc/EXAMPLES.shtml currently, that's example number 7. The .chr file will have information on relative frequencies of different character triplets, at different character positions and for different password lengths, embedded in it. So it will "know" that "oo" is common, just how common it is relative to other character combinations, after what preceding characters, in what character positions, and for what password lengths. 2. Force JtR to try passwords ending in or containing "oo" only. This can be done with an external mode - either a complete one or a filter() to be used along with another cracking mode. The filter() could in fact filter or it could append or insert the "oo". You've already found some examples of how that is done: > I've studied > http://article.gmane.org/gmane.comp.security.openwall.john.user/1662 > http://www.openwall.com/lists/john-users/2008/05/20/2 > http://www.openwall.com/lists/john-users/2008/03/31/1 > > but (sorry) I didn't understand how to make rules for this case. Well, my recommendation is that you go with a custom .chr file, unless the number of already-cracked passwords is too small. Please let john-users know of your progress with this, and we might be able to provide further advice. Thanks, Alexander -- To unsubscribe, e-mail [email protected]mane.org and reply to the automated confirmation request that will be sent to you.