Date: Mon, 13 May 2013 22:28:49 +0200 From: magnum <john.magnum@...hmail.com> To: john-dev@...ts.openwall.com Subject: Re: Incremental mode in 126.96.36.199 On 13 May, 2013, at 20:42 , magnum <john.magnum@...hmail.com> wrote: > On 13 May, 2013, at 20:22 , Solar Designer <solar@...nwall.com> wrote: >> On Mon, May 13, 2013 at 07:30:44PM +0200, magnum wrote: >>> I had similar results with two-character candidates and so on. Is there any way short lengths could get more "weight", or some other mitigation for this "regression"? >> >> They get so little weight because they're so rare in the training set >> (perhaps non-existent, for these specific characters?) Like most everyone else, I'm not fully understanding Incremental. So, would any training word *starting* with 'X' increase the chance of producing the complete candidate "X", or are only actual training words being exactly "X" counted? >> Change the 1e-3 (in both places) to something larger (e.g., 1e-2). >> I think the largest value that makes sense is 1.0. So maybe test these: >> >> 0.01 >> 0.1 >> 0.5 >> 0.9 >> 1.0 I need to do more and longer tests to eliminate noise, and analyze the actual results to evaluate the exact differences... But here are quick results from 60s of attacking a test set of some 740,000 descrypt hashes unrelated to rockyou, with incremental trained from rockyou: 1e-3: 18279 guesses 0.01: 18328 0.1: 18342 0.5: 18316 0.9: 18333 1.0: 18326 > Just thinking out loud, how about using some variant of "1/length" instead of a fixed figure? That would benefit really short lengths but not skew the longer ones. The result from using "1 / powi(10, length)" instead of a fixed number is 18367. So in this micro-test, it wins - and the 1e-3 is worst of all. But again, this is not very solid data and differences are small anyway. Maybe I should run -wo:rockyou before doing the tests, to filter the worst passwords from the counts. magnum
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.