Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CANnLRdg9=237UvLNzTdrvKF50SVRv1mAma--t4_ugu_+xZr85g@mail.gmail.com>
Date: Sat, 4 Aug 2012 12:51:11 -0600
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: how to analyze the efficiency of a rule?

On 4 August 2012 01:10, magnum <john.magnum@...hmail.com> wrote:
> On 2012-08-03 19:59, kzug wrote:
>> Does anybody knows of a way, or a tool,  to analyze the efficiency of
>> a rule?  i.e number of hits per rule. I am writing my own set of
>> rules and I would like to see what hash was cracked with what rule.
>
> You analyze the log file. Here is an example:
>
> 0:00:00:00 Proceeding with wordlist mode
> 0:00:00:00 - Reading next block of candidate passwords from stdin pipe
> 0:00:00:00 - Read block of 1 candidate passwords from pipe
> 0:00:00:00 - 2 preprocessed word mangling rules
> 0:00:00:00 - Rule #1: '$0' accepted
> 0:00:00:00 + Cracked ?: linkedin0
> 0:00:00:00 - Rule #2: '^0' accepted
> 0:00:00:00 + Cracked ?: 0linkedin
> 0:00:00:00 Session completed
>
> You see here that the first rule cracked one hash, and the second one
> cracked another. However, most formats buffer candidates so the log
> would actually look like this:
>
> 0:00:00:00 Proceeding with wordlist mode
> 0:00:00:00 - Reading next block of candidate passwords from stdin pipe
> 0:00:00:00 - Read block of 1 candidate passwords from pipe
> 0:00:00:00 - 2 preprocessed word mangling rules
> 0:00:00:00 - Rule #1: '$0' accepted
> 0:00:00:00 - Rule #2: '^0' accepted
> 0:00:00:00 + Cracked ?: linkedin0
> 0:00:00:00 + Cracked ?: 0linkedin
> 0:00:00:00 Session completed
>
> Some formats buffer thousands or even millions of candidates so this
> will be impossible to parse. To force this not to happen, run with
> --mkpc=1 (this only works w/ Jumbo though). That is how I made the first
> log above. This may hurt performance a *lot* but it can be a gem for
> experiments.

Cool. I usually end up breaking the rules into a huge file of 1 rule
per ruleset.. [talk about inefficient :)]

> magnum
>



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.