[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20100817072525.GA516@openwall.com>
Date: Tue, 17 Aug 2010 11:25:25 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: change vowels and consonant with others.
On Fri, Aug 13, 2010 at 02:46:55PM +0200, websiteaccess@...il.com wrote:
> CCVC
...
> CCCV
>
> How to change all occurences "C" with consonant [bcdfghjklmnpqrstvwxz]
> and "V" with [aeiouy].
You may misuse the wordlist rules engine to do this, although it was not
designed to do it. It will spend too much time verifying the syntax of
preprocessed rules if you do this for length 7 or longer. JtR will
appear to freeze at startup.
Here's a Perl script to convert your patterns list to wordlist rules:
#!/usr/bin/perl
%patterns = (
'C' => '[bcdfghjklmnpqrstvwxz]',
'V' => '[aeiouy]'
);
while (<>) {
chomp;
s/(.)/$patterns{$1}/eg;
print "A0\"$_\" ]\n";
}
You run it like:
./p2r.pl < patterns > rules
where the "patterns" file should contain your list of patterns, and the
"rules" file will need to be placed into a wordlist rules section in
john.conf. For your specific list of patterns, the script's output is:
A0"[bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][aeiouy][bcdfghjklmnpqrstvwxz]" ]
A0"[bcdfghjklmnpqrstvwxz][aeiouy][bcdfghjklmnpqrstvwxz][aeiouy]" ]
A0"[bcdfghjklmnpqrstvwxz][aeiouy][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz]" ]
A0"[aeiouy][bcdfghjklmnpqrstvwxz][aeiouy][bcdfghjklmnpqrstvwxz]" ]
A0"[aeiouy][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][aeiouy]" ]
A0"[bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][aeiouy][aeiouy]" ]
A0"[bcdfghjklmnpqrstvwxz][aeiouy][aeiouy][bcdfghjklmnpqrstvwxz]" ]
A0"[aeiouy][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz]" ]
A0"[aeiouy][aeiouy][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz]" ]
A0"[aeiouy][aeiouy][bcdfghjklmnpqrstvwxz][aeiouy]" ]
A0"[aeiouy][bcdfghjklmnpqrstvwxz][aeiouy][aeiouy]" ]
A0"[bcdfghjklmnpqrstvwxz][aeiouy][aeiouy][aeiouy]" ]
A0"[aeiouy][aeiouy][aeiouy][bcdfghjklmnpqrstvwxz]" ]
A0"[bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][bcdfghjklmnpqrstvwxz][aeiouy]" ]
Notice how this deletes one character (the "]" command) from the "word".
This is needed because JtR won't proceed to apply rules to an empty
string (JtR's logic is that if the "word" is emptied at any point during
rule processing, it is to be skipped as most of the time this would
otherwise result in duplicate candidate passwords). So instead of
trying to apply the above rules to an empty string, we apply them to a
one-character string. That is, the wordlist file to use with the above
ruleset should contain just one line with any one character on it. Then
JtR produces:
bbab
bbac
bbad
bbaf
bbag
bbah
bbaj
bbak
bbal
bbam
...
zzxi
zzxo
zzxu
zzxy
zzza
zzze
zzzi
zzzo
zzzu
zzzy
words: 295680 time: 0:00:00:01 100% w/s: 163359 current: zzzy
There are no duplicates (I've checked).
Notice how the number 295680 is quite close to the number of all
4-letter strings (456976), which means that this entire approach
(consonant-vowel patterns) is not such a great idea (at least not for
short candidate password lengths). It is also not a great idea because
JtR's incremental mode sort of does this already (and more). But you
asked how to do it, and the above is an answer.
To make the wordlist rules more efficient, you may instead create two
"wordlists" - one containing just consonants (20 or 21 lines with one
character per line), the other just vowels (6 or 5 lines). Then create
two lists of patterns for the subsequent characters, assuming that the
first character is a consonant (one list) or a vowel (the other list).
Modify the script to use:
print "Az\"$_\"\n";
(that's "Az" in place of "A0", and no delete character command). Then
use two invocations of JtR (each with its "wordlist" and ruleset).
Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
