Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20060203174035.GB29293@openwall.com>
Date: Fri, 3 Feb 2006 20:40:35 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Re: roadmap

On Wed, Feb 01, 2006 at 09:43:33PM +0100, Frank Dittrich wrote:
> What about --individual, or just --ind
> But I don't mind --single, either

I don't see much of a difference between --single and --individual.

> (Isn't the functionality a feature provides more important than
> the name?)

Indeed, but that's not a reason for using a non-descriptive name.

> Just picking up this thread for further suggestions:
> 
> I think the "fast dummy" algorithm, which just uses hash=password,
> is useful for some john users.

I agree - but only for a very small percentage of the users.

> (Although, you might have to take special care of passwords
> containing colons.)

Yes, that's a minor difficulty.

> Then, I'd like to have a new external mode function, in addition to
> generate() and filter().
> I'd like to be able to get the password candidates, and generate
> an arbitrary number (0-N) of new password candidates based on
> the input.

FWIW, this is currently supported for the special case of N=1. ;-)
That is, filter() can ask for the candidate to be skipped or it can
_modify_ the candidate.

> I'd like to use generate(), filter(), a combination of both,
> or a new function to
> -either: generate a new password based on the password
> provided by john
> -or: indicate that I don't want to generate more passwords based
> on the last password provided by john's cracking mode

Yes, I once had this thought, too.  I think the easiest way to implement
it currently would be by introducing a new global variable in addition
to "word".  Let's call it "retry" for this discussion.  filter() would
set "retry = 1" if it wants to be called again with the same candidate
password (as provided by the main cracking mode in use).

But there might be a cleaner way to do it.  Maybe generate() and
filter() should be replaced with one function, next().

Also, maybe restore() should be dropped, but instead John itself should
be saving and restoring the entire virtual machine's memory.  However,
this would require re-working the crash recovery file management first
since the file would potentially become much larger - and its in-place
rewrites would no longer be reliable enough.

> If you don't think this would be a useful feature, I could
> explain the benefits I expect.

It is obvious to me that this would be a useful feature, -- but I don't
mind you explaining particular usage scenarios you have in mind anyway.

Thanks,

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.