Date: Thu, 29 Mar 2012 10:33:48 +0200 From: Simon Marechal <simon@...quise.net> To: john-users@...ts.openwall.com Subject: Re: Specific rule creation contest On 28/03/2012 17:06, Matt Weir wrote: > 2) If you're looking at winning, 'overtraining' is a good thing ;p That was a really nice challenge, because it allowed me to benchmark my tool, and, more importantly, to find problems in it ;) How does yours work ? Mine is available here : https://github.com/bartavelle/rulesfinder It takes a dictionnary, a list of password, and tons of "base rules". It runs the "base rules" agains the dictionnary, then another program tries to match those generated candidates into the actual password list. It produces a list of rules of the form : "base rule" "appended characters" "prepended characters" For example, with "base rules" u, a single word dictionnary "lap" and a single password "unlapin", you would get : "u" "un" "" Finally, an approximative solution to the coverage problem is found. There has been a bit of work so that it would not be horribly slow or take too much memory when working with a bit of data (I usually run it against a 14.5M entries dictionnary and the rockyou password list). My score using JtR is 21795. After the solutions were released I generated some obvious base rules I missed and went to 22190.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ