Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 14 May 2013 01:17:22 +0400
From: Solar Designer <>
Subject: Re: Incremental mode in

On Mon, May 13, 2013 at 10:28:49PM +0200, magnum wrote:
> Like most everyone else, I'm not fully understanding Incremental. So, would any training word *starting* with 'X' increase the chance of producing the complete candidate "X", or are only actual training words being exactly "X" counted?

Neither answer fully matches the reality.  There's some separation
between the cracking order[], which is about character indices rather
than actual characters, and the sorted lists of characters.  There's no
1-to-1 mapping from indices to actual characters since it varies by the
length and by the preceding 1 or 2 characters (OK, for length 1 this is
simpler).  Also, the expand() logic, when it comes into play, may in
fact make a character such as 'X' appear closer to the start of an
expanded sorted string even if that character never appeared for the
same password length.  Currently, when expand() takes data from another
length (a last resort fallback), it only does so via allchars, so info
such as where in that other length's passwords this character appeared
(e.g. at the start or not) is not used - this is one of the things I
meant when I mentioned that the expand() logic needs to be improved.

> I need to do more and longer tests to eliminate noise, and analyze the actual results to evaluate the exact differences... But here are quick results from 60s of attacking a test set of some 740,000 descrypt hashes unrelated to rockyou, with incremental trained from rockyou:
> 1e-3: 18279 guesses
> 0.01: 18328
> 0.1: 18342
> 0.5: 18316
> 0.9: 18333
> 1.0: 18326

Thanks!  You could also test on fast and saltless hashes, which would
serve to simulate a longer run against descrypt (or slower).

And, where's the info on how this changed the position of rare one-char
passwords in the candidates stream?  You should be looking at this as
well since making sure those trivial passwords will get cracked early on
was one of your goals.

Do you also have numbers for similar tests of 1.7.9's incremental?

> The result from using "1 / powi(10, length)" instead of a fixed number is 18367. So in this micro-test, it wins - and the 1e-3 is worst of all. But again, this is not very solid data and differences are small anyway.

This is interesting.  Yes, need more and longer tests.  This also gives
us two parameters to tune: the "1" and "10" in "1 / powi(10, length)".

> Maybe I should run -wo:rockyou before doing the tests, to filter the worst passwords from the counts.

Yes, we should consider the results of such tests too.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.