Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jun 2015 12:17:37 -0400
From: Alain Espinosa <alainesp@...ta.cu>
To: john-dev@...ts.openwall.com
Subject: RE: Using Probabilistic Context Free Grammars (Was
 precomputed attacks)



-------- Original message --------
From: Matt Weir <cweir@...edu> 
Date:06/29/2015 11:09 AM (GMT-05:00) 
To: john-dev@...ts.openwall.com 
Cc: 
Subject: [john-dev] Using Probabilistic Context Free Grammars (Was precomputed attacks) 

...Now for the downsides. The overhead is pretty high so against fast hashes the increase in precision isn't worth the slower guessing rate. Also the grammar is imprecise enough that against really slow hashes hand written mangling rules still are the way to go. So it currently performs best against medium speed hashes.

I read your Dissertation, is very interesting. The main downside for me is that PCFG is not easily parallelizable so no GPU for it.

I also find your performance comparison unfair given that you don't take into account implementation speed (this is a very common problem in papers talking about password generation). For example if brute force is 4x faster than incremental we need to test it with 4x bigger tries, so we had the same time spent in each attack.

One thing that wake my interest is entropy calculation. One way to view this is that 10 characters passwords are only 4.8x stronger that 8 character password. Given my experience I was expecting more, or perhaps I was too used to contest hashes.

Regards, 
Alain




[ CONTENT OF TYPE text/html SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ