Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CANWtx03PsAuWbFWKjx-MVTTe-RUw-dA3g9rtGaZCLfYEbsmqGg@mail.gmail.com>
Date: Mon, 20 May 2013 21:18:42 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Random passwords with modulo bias

On Mon, May 20, 2013 at 7:31 PM, Solar Designer <solar@...nwall.com> wrote:
> On Tue, May 21, 2013 at 08:44:36AM +1000, Michael Samuel wrote:
>> I was wondering if JtR can be tuned to attack random passwords where
>> the random password generator is known and has modulo bias?
>
> Yes.  The easiest way is to train its incremental mode on a large set of
> such passwords.
>
>> I've been having trouble finding papers/talks on the subject, which
>> surprised me.
>
> I guess the issue is considered too simple by those who are aware of it,
> and the rest would not write/talk about it because they're unaware of it.

There is/was the Strip external mode as well, if one could find
similar flaws JtR *might* be able to take advantage like it did with
Strip 0.5 for Palm:
http://copilotco.com/mail-archives/bugtraq.2001/msg01768.html
http://www.openwall.com/lists/announce/2001/05/10/1

-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.