Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 29 Jun 2015 15:04:48 -0400
From: Alain Espinosa <alainesp@...ta.cu>
To: john-dev@...ts.openwall.com
Subject: Re: Using Probabilistic Context Free Grammars (Was
 precomputed attacks)



-------- Original message --------
From: Matt Weir <cweir@...edu> 
Date:06/29/2015 1:17 PM (GMT-05:00) 
To: john-dev@...ts.openwall.com 
Cc: 
Subject: Re: [john-dev] Using Probabilistic Context Free Grammars (Was precomputed attacks) 

>> I also find your performance comparison unfair given that you don't take into account implementation speed

...When talking about performance I think it comes down the the law of diminishing returns. There are a couple of costs associated with a password cracking session...

You are right in your points. Nevertheless from a *cracking* paper I expect, or want to expect, to consider and mention:

- the algorithm is CPU parallelizable? 
- the algorithm is GPU friendly?
- a base execution time compared to brute force. No need to optimize it, only some baseline to compare.

Note that GPU cracking is relatively new, so old papers don't consider it.

Why advanced probabilistic is so hard to find in crackers? Because in the majority of cases they are not needed, with dumb generation we can find a good deal of passwords. And dumb generation is very fast. And a good part of hashes are very fast (NTLM and unsalted MD5). And the learning curve for this tools are high (John incremental is an exception here).

I am on favor to use advanced probabilistic instead of dumb brute force always, but not in the current state. For example John incremental isn't GPU friendly, so is best to use a targeted brute force (oclHashcat mask mode). This is basically the reason I mention it, if researchers consider it they probably can change they algorithms to make them of more practical use.

Regards, 
Alain
Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.