Message-ID: <20190131173057.GB2892@openwall.com>
Date: Thu, 31 Jan 2019 18:30:57 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John The Ripper Incremental Mode

On Tue, Jan 29, 2019 at 11:20:38PM +0200, Andrej Rybicki wrote:
> I'm trying my password strength with John The Ripper. It has Incremental
> mode which basically brute forces every character:
>
> [Incremental:Alpha]
> File = /usr/share/john/alpha.chr
> MinLen = 7
> MaxLen = 9
> CharCount = 26

Your use of "CharCount = 26" is weird. You're not choosing lower- or
uppercase here. You're choosing whatever 26 characters are the most
common ones given the circumstances (length, position, preceding two
characters). If so, why specifically 26? And why limit this at all
rather than let incremental mode figure out what's optimal?

> But none of john descriptions tells how to use incremental mode with
> patterns.

Incremental mode is all about trying the candidate passwords in an
optimal order - from most likely to least likely - based on statistics
that it's been trained on (by default, on the RockYou leak). It does
not directly support specification of patterns.

> For example:
>
> Password between 7 to 9 characters.
>
> First character Uppercase. Other characters - alphabetic.

By alphabetic, do you mean they can be lower- or uppercase? If so, by
specifying that the first character is strictly uppercase, you've merely
halved the search space, which isn't that much of a win - probably not
enough of a win to give up on incremental mode.

> John has rules like:
>
> ?i ?a ?a ?a ?a ?a ?a ?a ?a
>
> But rules are for wordlists. I tried my word list as an empty line, but
> that did not catch up.

Wordlist mode rules are for filtering and/or modifying words. They are
not for generating candidate passwords out of thin air.

> Are there rules for incremental mode?

No.

What you're looking for is mask mode, where you can do e.g.:

john -2='?l?u' --mask='?u?2' --min-length=7 --max-length=9 pw

> Or there are some ways like: Incremental:Upper + Incremental:Alpha,

You can combine incremental mode with mask mode, e.g.:

john --incremental=alpha --mask='?u?w' --min-length=7 --max-length=9 pw

This forces the first character to uppercase (with mask mode) and the
rest to any alphabetic (with incremental mode). This will likely crack
your password sooner than using mask mode alone.

> where upper is set to MinLen and MaxLen = 1. You get the idea.

Actually, I find the above line confusing.

Anyway, most importantly you need to clarify whether your "Other
characters" are mixed case (as you seemed to imply, and I used in the
example commands) or are actually strictly lowercase (which will let you
run much quicker attacks).

Alexander
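
The search-space comparison made in the message above, worked through as an added example that is not part of the original post and is not John the Ripper code. The helper names `expand`, `keyspace` and `compare` are hypothetical, only the `?l`, `?u`, `?d` and custom `?1`..`?9` placeholders are modelled, and it assumes the last mask placeholder repeats to fill each length from the minimum to the maximum.

```python
# Added example: keyspace arithmetic for the masks discussed in the message.
# Assumption: the last mask placeholder repeats to fill each length between
# the minimum and maximum, as the message's commands rely on.
import math
import re
import string

BUILTIN = {"l": string.ascii_lowercase, "u": string.ascii_uppercase,
           "d": string.digits}

def expand(mask, custom=None):
    """Return one character set per mask position."""
    custom = custom or {}
    positions = []
    for token in re.findall(r"\?.|[^?]", mask):
        key = token[1:] if token.startswith("?") else None
        if key is None or key == "?":
            positions.append({token[-1]})          # literal character
        elif key in BUILTIN:
            positions.append(set(BUILTIN[key]))
        elif key in custom:
            # A custom charset such as -2='?l?u' is the union of its parts.
            positions.append(set().union(*expand(custom[key])))
        else:
            raise ValueError(f"unsupported placeholder ?{key}")
    return positions

def keyspace(mask, min_len, max_len, custom=None):
    """Count candidates over all lengths min_len..max_len inclusive."""
    positions = expand(mask, custom)
    total = 0
    for n in range(min_len, max_len + 1):
        stretched = positions[:n] + [positions[-1]] * (n - len(positions))
        total += math.prod(len(s) for s in stretched)
    return total

def compare(min_len=7, max_len=9):
    """The three readings of the policy discussed in the thread."""
    mixed = {"1": "?l?u", "2": "?l?u"}
    return {
        "any alphabetic": keyspace("?1", min_len, max_len, mixed),
        "upper + mixed case": keyspace("?u?2", min_len, max_len, mixed),
        "upper + lowercase": keyspace("?u?l", min_len, max_len),
    }

if __name__ == "__main__":
    for name, size in compare().items():
        print(f"{name:20s} {size:.3e}")
```
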