Openwall wordlists collection for password cracking (20+ languages)
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Sun, 25 Apr 2010 12:32:16 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Re-ordered 'Single Mode' Ruleset

On Sun, Apr 25, 2010 at 04:11:31AM -0400, Matt Weir wrote:
> The training and cracking sessions were run against different sets of one
> million passwords each, even though both of them came from the same
> disclosed list, (that's the amazing thing about having a list of 32 million
> passwords). I posted another blog entry showing the ruleset being run
> against two other password lists, (the phpbb.com list and the MySpace list).
> The short answer is that the re-ordered rules performed slightly better than
> the original single rule-set against the phpbb.com list, and significantly
> better, (in the first 500 million guesses), against the MySpace list. The
> post, along with the corresponding graphs, can be viewed at the following
> link:
> 
> http://reusablesec.blogspot.com/2010/04/optimizing-jtrs-single-mode-follow-up.html

Yes, you used a decent approach.  I am convinced now.  Thank you!

Perhaps the "single crack" ruleset included with JtR should be
re-ordered in a similar way, although this would require
additional/different testing (based on usernames and GECOS info, and
also for truncating hash types).

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ