Running JtR’s Tokenizer Attack

Disclaimer 1: This blog post is on a new and still under development toolset in John the Ripper. Results depict the state of the toolset as-is and may not reflect changes made as the toolset evolves.

Disclaimer 2: I really need to run some actual tests and password cracking sessions using this attack, but I’m splitting that analysis up into a separate blog post. Basically I have enough forgotten drafts sitting in my blogger account that I didn’t want to add another one by trying to “finish” this post before hitting publish. So stay tuned for new posts if you want to see how effective this attack really is.

Introduction:

It’s been about 15 years since I last wrote about John the Ripper’s Markov based Incremental mode attacks [Link] [Link 2]. 15 years is a long time! A lot of work has been done applying Markov based attacks to password cracking sessions, ranging from the OMEN approach to Neural Network based password crackers. That’s why I was so excited to see a new proof of concept (PoC) enhancement of JtR’s Incremental mode that was just published by JtR’s original creator SolarDesigner.

The name of this enhancement is likely going to change over time. Originally it was described in an e-mail thread as “Markov phrases”. That’s not a bad descriptor, but doesn’t really get to the heart of the current PoC. Therefore in this blog post I’m going to call this attack after the new script SolarDesigner released (tokenize.pl) and just refer to it as a “Tokenizer Attack”. I think this  gets closer to conveying how the underlying enhancement differs from the original Incremental attack which the tokenizer attack is built o

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.

This article has been indexed from Security Boulevard

Read the original article: