Date: Tue, 29 Aug 2006 14:32:59 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: Using a pre-computed list of alphanumeric strings. (not rainbow tables)

> Why would you have to generate that for every salt? When you have a word
> list, it's just a plain text dictionary file, and John uses that.
>
> I guess I overlooked something.....when I was cracking NT hashes with
> pre-generated rainbow tables.... I could do it fast and effectively
> because the hash could be broken into two 7 char strings, so really you
> are only cracking 7 chars at a time....a MUCH smaller list than having a
> table of all possible 14char alphanumeric combinations....
>
> Thanks.

Because somebody mentioned the space needed to store "Rainbowtables":
This space can be reduced dramatically using the "right" compression
algorithm. I will (again) mention LZMA because it compresses REALLY
awesome. But instead of "words" I'll show you an example:

godfather $ du -h phatbot_current_source.tar.lzma
7.0M phatbot_current_source.tar.lzma
godfather $ time lzmash -d phatbot_current_source.tar.lzma
0m4.63s real 0m1.77s user 0m0.42s system
godfather $ du -h phatbot_current_source.tar
182M phatbot_current_source.tar

This is the PhatBot (aka Agobot3) source code including A LOT of variants
and plugins and foo. As you can see I'm able to compress it down to 7MB.

Comparing lzma to gzip and bzip2:

godfather $ gzip -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.gz
57.8M phatbot_current_source.tar.gz
godfather $ time gunzip phatbot_current_source.tar.gz
0m12.83s real 0m1.12s user 0m0.30s system

godfather $ bzip2 -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.bz2
52.4M phatbot_current_source.tar.bz2
godfather $ time bunzip2 phatbot_current_source.tar.bz2
0m19.24s real 0m12.33s user 0m0.32s system

Results (time) may NOT be correct because I have 2 JtRs running.

LZMA decompresses much faster than bzip2 but mostly a little bit slower
(not very much, just a little bit) than gzip. I did not test how long it
takes to compress because for really BIG files you may need hours to
compress them with LZMA.

Downsides of LZMA:
- You need a LOT of RAM to compress with the "best" values (I didn't even
  compress it with the BEST values because I just have 2Gb).
- It may take hours to compress (depends on the original file size)

Advantage:
- It decompresses much faster than bzip2
- It's VERY usable for stuff you may compress ONCE but decompress/use a lot

The decompression engine is about ~10kb so it won't make &your program here&
that fat.

And that LM can be split into 7 char blocks is right, and this means you
just need a rainbow table up to 7 chars because a PW of about 12 chars gets
split into 7+5 and should get broken absolutely fast.

So conclusion:
It may even make sense to enable JtR to use Rainbowbooks, at least for such
weak algorithms. It will become kinda useless for Blowfish or maybe even MD5
but for DES/LM it may make sense (combined with a good compression).

Kind regards,
Rembrandt
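
The gzip/bzip2/LZMA comparison in the message above can be repeated with Python's standard-library codecs. This is an added example, not part of the original post: the input is a constructed list of short alphanumeric strings (an assumption, not the archive measured in the message), LZMA runs at the default preset, and the ratios and timings depend entirely on the data.

```python
import bz2
import gzip
import itertools
import lzma
import string
import time


def build_sample(length=3):
    """Constructed input: every [a-z0-9] string of `length` chars, one per line."""
    alphabet = string.ascii_lowercase + string.digits
    words = ("".join(t) for t in itertools.product(alphabet, repeat=length))
    return "\n".join(words).encode("ascii") + b"\n"


# name -> (compress, decompress). FORMAT_ALONE is the legacy .lzma container,
# the format the lzmash tool in the message writes.
CODECS = {
    "gzip -9": (lambda d: gzip.compress(d, compresslevel=9), gzip.decompress),
    "bzip2 -9": (lambda d: bz2.compress(d, compresslevel=9), bz2.decompress),
    "lzma": (lambda d: lzma.compress(d, format=lzma.FORMAT_ALONE),
             lzma.decompress),
}


def benchmark(data, rounds=5):
    """Compress once, then time decompression (best of `rounds`) per codec."""
    results = {}
    for name, (compress, decompress) in CODECS.items():
        blob = compress(data)
        best = float("inf")
        for _ in range(rounds):
            start = time.perf_counter()
            restored = decompress(blob)
            best = min(best, time.perf_counter() - start)
        if restored != data:
            raise ValueError(f"{name}: round trip does not match the input")
        results[name] = {
            "size": len(blob),
            "ratio": len(data) / len(blob),
            "decompress_s": best,
        }
    return results


if __name__ == "__main__":
    sample = build_sample()
    print(f"raw input: {len(sample)} bytes")
    for name, r in benchmark(sample).items():
        print(f"{name:9s} {r['size']:8d} bytes  ratio {r['ratio']:6.1f}  "
              f"decompress {r['decompress_s'] * 1000:.2f} ms")
```

Timing only decompression matches the compress-once, read-many use the message describes; run it on the real table file to get figures that mean anything for that data.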