Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 3 Jan 2007 19:53:51 +0100
From: websiteaccess <>
Subject: Incremental mode VS specific rules mode


 This is the question of the day. What is more efficient: Incremental 
alpha mode (-i:alpha) or -rules for cracking large amount of HASHED ?

 ------ GOOD/BAD for incremental mode -----
 GOOD : incremental mode crack really fastly little words (with 6, 7 
 GOOD : no writing of boring rules
 BAD: incremental test all possibility ! Even with a to z, it can take 
really long time (especially for passwords with more than 10 characters)

------ GOOD/BAD for rules mode -----
GOOD : the rules are powerfull.
GOOD : with rules we can test only highly probably possible passwords 
             some variations).
GOOD : can test passwords more than 8 letters
BAD : we have to write rules :( sometimes really boring.

 In this project I test my own new rules based on statistics frequencies
letters (each language has his own frequency).

 I do test with raw-md5 hashes (allow passwords with more than 8 

 NOTE: JTR with incremental is not able (with the basic JTR) cracking 
words longer than 8 letters, with my rules there is no limit (12 or 13 
letters seems already strong  password).

 My rules are specific for french passwords. I will do others rules for 
others language if needed.
 Of course, my actual rules can crack non-french words, but, there are 
more powerfull with french words.

 I have tested in first -i:alpha with a 2128 hashes, then the same 
hashes with my rules.

 In 2128 hashes, may be (and surely) there is a lot of passwords 
composed with (only may be) digits. These hashes will not be volontary 
 I only test my rules contains only alpha (a to z), and incremental 
mode (-i:alpha) will use only a to z (not A-Z or/and 0-9). In this way, 
we can compare the same jobs.

 My project was do rules for crack maximum hashes in a minimum time.

 I give you some results, let's compare :

                                   p a s s w o r d s  f o u n d w i t h
     length words          MODE -i:alph      mode -rules
         12                             0(*)           	 0
         11                             0(*)           	 1
         10                             0(*)           	10
          9                              0(*)           	34
          8                             82                     135
          7                            166                    173
          6                            392                    341
          5                             64              	61
          4                             49              	47
	3                              8               	 0(**)	
				 761			802
	time		         12 h 06	       9 h 02
        elapsed		     (still cracking)    (100% done)

(*) incremental mode, can't crack passwords with more 8 letters
(**) rules are not configured for cracking words less 4 letters.

 Finally, it seems rules crack more passwords in less time.

 "Rules mode" has cracked 45 words with more 8 letters (hardest
 to crack) in less time than incremental mode (- 3h04mn)

 Hope this test can be usefull for someone.

 -- Websiteacces --

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ