“I have not failed. I’ve just found 10,000 ways that won’t work”

– Thomas Edison

Introduction:

This is a continuation of a deep dive into John the Ripper’s new Tokenizer attack. Instruction on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to be updated as a new version of Tokenizer has been released that makes it easier to configure. The first part of my analysis can be found [Here].

This is going to be a bit of a weird blog entry as this is a post about failure. Spoiler alert: If you are reading this post to learn how to crack passwords, just go ahead and skip it. My tests failed, my tools failed, and my understanding of my tools failed. A disappointing number of passwords were cracked in the creation of this write-up. I’ll admit, I was very tempted to shelve this blog post. But I strongly believe that documenting failures is important. Often when reading blog posts you don’t really see the messy process that is research. Stuff just doesn’t work, error messages that are obvious in retrospect are missed, and tests don’t always turn out the way you expect. So as you read this, understand that it’s more a journal of troubleshooting research tests when they go wrong, vs. a documentation of what to do.