Wish-list for JtR
THIS PAGE IS DEPRECATED. Use https://github.com/magnumripper/JohnTheRipper/issues instead.
Add stuff that you think would enhance JtR to this list. Also consider writing to the mailing list about the details and linking to that from here.
If you start working on one of the items, add a note on it listing who is doing the work, e.g. (in progress, magnum)
Support for Kerberos etype 1 (des-cbc-crc) and etype 3 (des-cbc-md5) (ref)
The Bat! cracker
Intuit Quicken
SIMD support in scrypt format
RipeMD-320 (HMAC), used by Lenel OnGuard; PasswordPro supports this already. NOTE: ripemd320 is now supported in JtR.
Apache Derby
Features/enhancements
Add Unicode support for is_mixedcase() in inc.c (not performance critical).
Add generic tag-alias handling to dynamic, so that e.g. a thin format, or a user-defined or preloaded one, could specify its format_tag. It would enable a format to recognize both “$dynamic_nn$” and “$postgre$” in input files as well as pot files, but always output the latter.
Try to interleave the BLAKE2 code, as is done with MD4/MD5/SHA1 in sse-intrinsics.c.
'Auto' Optimization of Rules at run-time prior to running rules (at rules init).
argc/argv for external modes
john.conf item for default mem-file-size (see comment below)
john.conf item for default field-separator-char (see comment below)
Evaluate the possibility of implementing (at the command line and/or in the Rules section of john.conf) “rules x rules”, e.g. one ruleset whose resulting candidates go through another ruleset. Two rulesets of 100 rules each will produce up to 10,000 candidates. This is currently possible using “john … -ru:first -stdout | john -pipe -ru:second …”.
If easily implemented, allow multiple --rules=xx --rules=yy that will be just like using “.include [yy]” as the last line of rule xx in john.conf.
Issues/bugs needing a look
BUG in dynamic. If there are $$Fx which pull data from some of the fields, this $$Fxdata is NOT written to the hash line that is written into the john.pot file. Thus, the data to crack is lost!!! Not sure how to work around this. It does appear that if the $$U is used (user name in the format), but the $$U is not in the salt provided (thus the user name is read from array element 0), this DOES get written into the found hash line (as a $$Uuser string in the salt). Thus, this is fine. However, the $$Fx's seem to be broken. These are things 'added' to dynamic, but I am not sure anyone uses them.
Wish-list for JtR Test Suite
Add length test files (e.g. just 0..125 dots, 0..125 pound signs in ANSI, 0..125 euro signs in UTF-8 and so on). The result is “format handled up to length nn”.
Add test files that should be cracked in (say) 5 secs of --incremental. Very slow formats could use almost all candidates while very fast formats could use 1/100,000 or whatever.
Add test files that need --rules to be cracked.
Add test files that can be cracked using an external mode (e.g. -ext:subsets).