Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 9 Sep 2013 14:40:35 -0400
From: Rich Rumble <richrumble@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Sayantan's Weekly Report #13

On Mon, Sep 9, 2013 at 1:21 PM, magnum <john.magnum@...hmail.com> wrote:

>
> Just thinking out loud here: How much is the gain from consecutive ranges?
> I believe HashCat does in fact not use consecutive ranges even for eg. ?l
> but instead sort them after some kind of probability order. This would be
> even more useful with ?a which should probably start with some lower-case
> letter and end with "~" or some other less used character. I have noticed
> that when you use a large mask like ?a?a?a?a?a?a it takes quite a while
> before first crack because the "msb" part starts with seldom used specials.
>
Couldn't  ?a?a?a?a?a?a = incremental 6 (all.chr)
maybe ?u?l?l?l = inc_1(alpha_upper) + inc_3(alpha_lower)
 or would it just make more sense that ?u?l?l?l is actually
inc_4(alpha_lower) with just the first char capitalized (C)

It could just be me not understanding, and Mask mode is a totally different
animal than Incremental/trigraphs. With the recent work that's been done,
are there better ways to guess weak passwords? Would "n-grams" work in
place of ?a?a?a?a?a?a (6-"grams") work there as well as inc-6-all, or
markov-6-all? I can't code anything and math isn't a subject I'm gooder in,
so that's your guys show, I'm just always curious :) Devils advocate
signing off.
-rich

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.