Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 13 May 2013 22:28:49 +0200
From: magnum <>
Subject: Re: Incremental mode in

On 13 May, 2013, at 20:42 , magnum <> wrote:
> On 13 May, 2013, at 20:22 , Solar Designer <> wrote:
>> On Mon, May 13, 2013 at 07:30:44PM +0200, magnum wrote:
>>> I had similar results with two-character candidates and so on. Is there any way short lengths could get more "weight", or some other mitigation for this "regression"?
>> They get so little weight because they're so rare in the training set
>> (perhaps non-existent, for these specific characters?)  

Like most everyone else, I'm not fully understanding Incremental. So, would any training word *starting* with 'X' increase the chance of producing the complete candidate "X", or are only actual training words being exactly "X" counted?

>> Change the 1e-3 (in both places) to something larger (e.g., 1e-2).
>> I think the largest value that makes sense is 1.0.  So maybe test these:
>> 0.01
>> 0.1
>> 0.5
>> 0.9
>> 1.0

I need to do more and longer tests to eliminate noise, and analyze the actual results to evaluate the exact differences... But here are quick results from 60s of attacking a test set of some 740,000 descrypt hashes unrelated to rockyou, with incremental trained from rockyou:

1e-3: 18279 guesses
0.01: 18328
0.1: 18342
0.5: 18316
0.9: 18333
1.0: 18326

> Just thinking out loud, how about using some variant of "1/length" instead of a fixed figure? That would benefit really short lengths but not skew the longer ones.

The result from using "1 / powi(10, length)" instead of a fixed number is 18367. So in this micro-test, it wins - and the 1e-3 is worst of all. But again, this is not very solid data and differences are small anyway.

Maybe I should run -wo:rockyou before doing the tests, to filter the worst passwords from the counts.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.