
List:       john-users
Subject:    Re: [john-users] How to stop consideration of repeated characters
From:       B B <dustythepath () gmail ! com>
Date:       2017-04-28 21:48:12
Message-ID: 12E0B65F-02C3-4393-8936-E6C7218822FA () gmail ! com


Thank you,
This is very helpful information.
> <john-users-subscribe at lists.openwall.com> Apr 28, 2017, at 1:44 PM, Solar Designer <solar@openwall.com> wrote:
> Hello Bill,
> 
> On Fri, Apr 28, 2017 at 01:30:40PM -0700, B B wrote:
> > I am new to JtR and am trying to recover a lost password for which I have both a
> > probable beginning and end. I also have a limited character set for the middle of
> > the password.
> > I have been using Crunch to generate word lists but these lists have repeated
> > characters such as [known]aaab[known]. I know for a fact there are NO repeated
> > characters in my lost password but can not find any mention of a rule? to reject
> > them.
> 
> This is tricky and most likely unreasonable to do.  What hash or file
> type are you attacking?  How fast does the attack go?  It is unlikely
> that reducing the keyspace by such a small margin is going to
> significantly improve your chances of cracking that password within the
> timeframe you're willing to allocate.
> 

I am attacking a FileVault sparsebundle img hash retrieved with dmg2john (AES256) so
realize I must seriously cut down on the possibilities. I have 10 years of data
locked away from the simple mistake of creating a 2nd admin account on my laptop to
edit my main account. When I checked a FileVault checkbox I did not realize it would
RE-encrypt everything to the new admin account and even nullify the original
FileVault key. I promptly deleted the account and forgot the password after doing
what I needed to do. Sort of stupid, but more like a sloppy mistake. I am using 1.80
Jumbo.


> > Another question, to get around the use of Crunch, is can I quote a fixed/known
> > character string at the beginning and the end in a rule?
> > Such as ???pass???A-z???word????
> 
> You don't need Crunch.  With recent JtR -jumbo, you can achieve the same
> with its mask mode, e.g.:
> 
> john -9='?l?u' --mask='pass?9?9?9?9word' passwd-file-here
> 
> or e.g.:
> 
> john -9='?l?u' --mask='pass?9?9[aeiou]?9word' passwd-file-here
> 
> to restrict one of the characters to a smaller set.  You can also use
> character ranges, etc.
> 


> To likely significantly improve your chances, you can use e.g.:
> 


> john --inc=alpha --min-len=12 --max-len=12 --mask='pass?wword' passwd-file-here
> 

./john --inc=LowerNum --min-len=12 --max-len=12 --mask='pass?wword'


This seems to work fine. Hmm, about 3 weeks with my configuration with 5 unknowns,
guess I'll fire up another box!!! I may have to do several of these at different
lengths, maybe up to 6 characters which I'm not sure is possible. I am prepared to
spend electricity on this problem. ;)

> so that the 4 character (in this example) portion in the middle is
> filled with character sequences sorted for decreasing estimated
> probability based on character frequencies in other passwords.
Is this something I create (other passwords) or what is built into the config file
already that you are referring to? (I believe I've read I can create such a file.)

> Things
> like this can make far greater difference than omitting a small fraction
> of the keyspace would.
> 
Custom.chr?

I know for a fact I did not use z, x or q. Now I could go with --inc LowerNUM which
shouldn't be too bad in iterations of 4 and 5 unknown characters. Are you saying, to
be clear, that the difference between LowerNUM and a custom character set is not
efficient? I note that LowerNum is about 36 vs 27 I am fairly certain about.

Thank you



> Alexander
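
An added example, not part of the original messages and not JtR code: a Python script that counts how much of the keyspace a "no repeated characters" rule removes, next to the effect of the smaller character set, and filters a candidate list for the known-prefix/known-suffix layout discussed above. It assumes the 36- and 27-character set sizes quoted in the message and middle lengths of 4 to 6, reads "no repeated characters" both as "no adjacent repeats" and as "all characters distinct", and all function names are hypothetical.

```python
# Added example (not from the thread): keyspace effect of rejecting repeats.
from itertools import product
from math import perm

def keyspace(n, k):
    """Count of all k-character strings over an n-character set."""
    return n ** k

def no_adjacent_repeats(n, k):
    """Count with no character equal to its predecessor (rejects 'aab')."""
    return n * (n - 1) ** (k - 1) if k > 0 else 1

def all_distinct(n, k):
    """Count with every character used at most once (also rejects 'aba')."""
    return perm(n, k)

def has_repeat(middle, adjacent_only=False):
    """True if the unknown middle part contains a repeated character."""
    if adjacent_only:
        return any(a == b for a, b in zip(middle, middle[1:]))
    return len(set(middle)) != len(middle)

def filter_candidates(lines, prefix, suffix, adjacent_only=False):
    """Keep prefix+middle+suffix candidates whose middle has no repeats."""
    kept = []
    for line in lines:
        cand = line.rstrip("\n")
        if len(cand) < len(prefix) + len(suffix):
            continue  # too short to hold both known parts without overlap
        if not (cand.startswith(prefix) and cand.endswith(suffix)):
            continue
        middle = cand[len(prefix):len(cand) - len(suffix)]
        if not has_repeat(middle, adjacent_only):
            kept.append(cand)
    return kept

def brute_force_counts(charset, k):
    """Cross-check the formulas by enumeration (small inputs only)."""
    words = ["".join(p) for p in product(charset, repeat=k)]
    return (len(words),
            sum(not has_repeat(w, True) for w in words),
            sum(not has_repeat(w) for w in words))

if __name__ == "__main__":
    for k in (4, 5, 6):          # unknown middle lengths mentioned in the thread
        full = keyspace(36, k)   # 36 = set size quoted in the message
        print(f"k={k}: full={full:,} "
              f"no-adjacent={no_adjacent_repeats(36, k) / full:.1%} "
              f"all-distinct={all_distinct(36, k) / full:.1%} "
              f"27-char set={keyspace(27, k) / full:.1%}")
```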


