Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20100223184955.GA28264@openwall.com>
Date: Tue, 23 Feb 2010 21:49:55 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: wordlist with 2 words : swap words

On Tue, Feb 23, 2010 at 06:39:41PM +0100, websiteaccess@...il.com wrote:
>  I use your rules " =[1-9A-F]  ^  X\p[2-9A-G]z0 'l" or "=[1-9A-F]  
> x\p[2-9A-G]z $  X0\1z" with very large dictionary (14 gigas). 
> I don't know why, your 2 rules freeze my terminal.

I did mention they were inefficient.  They work reasonably well with
small wordlists, but with large wordlists consisting mostly of short
words they will result in JtR spending noticeable periods of time on
rejecting input words that do not satisfy the criteria of specific rules
generated by these preprocessor expressions.  This may appear as JtR
"freezing", although it would "unfreeze" if you wait long enough.

>  Could you post equivalent rules not able to freeze my terminal (os X) ?

You can try to reduce the lengths range supported by the rules such that
you avoid post-preprocessor rules that would reject most of your input
words.  For example, you may use:

=[1-6]  x\p[2-7]z $  X0\1z

which will only support wordlist entries where the first word is no
longer than 6 characters.  You may adjust the supported lengths to match
your needs - support sufficiently long words, yet avoid "freezing" JtR
too often for too long.

I would not actually recommend any of this, though.  I was merely
addressing your very specific question.  My advice is that, until better
support is implemented into JtR (such as the "missing" rule command I
mentioned/imagined in my previous reply), you use means external to JtR
to produce/process your two-word wordlists.

On the other hand, if you don't need JtR to try any other rules (or no
rules) during the same invocation of it, then you may use this external
filter() instead:

[List.External:SwapWords]
void filter()
{
	int first[0x100];
	int i, j, k, c;

	i = 0;
	while ((c = word[i]) != ' ') {
		if (!(first[i++] = c)) {
			word = 0; // reject
			return;
		}
	}
	first[i] = j = k = 0;
	while (c = word[++i])
		word[j++] = c;
	word[j++] = ' ';
	while (c = first[k++])
		word[j++] = c;
}

You invoke it like this:

john --wordlist=two.lst --external=SwapWords --stdout

For example:

$ cat w
red house
john good

$ john --wordlist=w --external=SwapWords --stdout 
house red
good john
words: 2  time: 0:00:00:00 100%  w/s: 200  current: good john

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.