John the Ripper password cracker users

Richard Miles | 16 Aug 2012 13:45

Re: Learn from 'Crack Me If You Can 2012'.

Hi kzug,

Thanks for follow-up, very appreciated! :)

I'm answering inline...

On Wed, Aug 15, 2012 at 3:05 PM, kzug <kzug10@...> wrote:

> I did not reply to the group as some of the questions were already
> answered.
>
>
On my post? I got no other replies, I also looked at web archive and I
don't see them. :(

> 1) Wiki page, search for the reworked by Solar Designer Set of rules
>     Reusable security, search for John the Ripper Related topics
>

Nice, I was aware of it, but basically is makes it runs faster and fix a
few bugs. But I was looking for a new "revolutionary" ruleset, such was
KoreLogic when released in 2010. Are you aware of any other?

Do you have experience with rulesfinder (
https://github.com/bartavelle/rulesfinder)? What do you think about it?

> 2)  plenty in Google
>

Serious? I was unable to find any built passphrase list :(

(Continue reading)

headers

Solar Designer | 16 Aug 2012 16:19

Re: Learn from 'Crack Me If You Can 2012'.

On Thu, Aug 16, 2012 at 06:45:41AM -0500, Richard Miles wrote:
> On Wed, Aug 15, 2012 at 3:05 PM, kzug <kzug10@...> wrote:
> 
> > I did not reply to the group as some of the questions were already
> > answered.

kzug - it was a really bad idea to take this off-list.  Your reply would
have been on topic and desirable, even if repeating something that was
on the list before.  Now we have two threads instead of one.  Anyway,
thanks for replying, even if off-list...

Richard - thank you for bringing this back to the list.  For future
occasions, a better way to do it might have been to ask kzug to post to
the thread on the list, because you wanted to reply on the list.

> On my post? I got no other replies, I also looked at web archive and I
> don't see them. :(

I guess kzug was referring to past discussions.  Frankly, I'd say there
was not a lot to address your questions even in past discussions, and
not a lot now.

> > 1) Wiki page, search for the reworked by Solar Designer Set of rules

I've just updated the wiki page at http://openwall.info/wiki/john/rules
to also include korelogic-rules-20100801-reworked+all-3.txt, which is
the revision we used against fast hashes during the recent contest
(along with some other rulesets).  I described this revision as follows:

In this revision, the individual sections have been included into the

(Continue reading)

headers

Simon Marechal | 16 Aug 2012 16:28

Re: Learn from 'Crack Me If You Can 2012'.

On 16/08/2012 16:19, Solar Designer wrote:
> 1. Custom incremental mode's .chr file containing 27 characters:
> lowercase letters and space.  Here's the filter that was used to
> generate it:

[...]

> Of course, CHARSET_LENGTH was increased.
> 
> 2. Lists of common English words and common passwords combined with
> mix.pl (attached to this message).
> 
> 3. We also extracted likely passphrases from contest-specific texts and
> generated them from previously-cracked contest-specific words/phrases.

I also used a statistical generator, just like the markov mode in JtR,
but that works on words instead of characters. This was not terribly
effective, and I can't really state how good it would fare against real
world passphrases, as they are not so common ...