Date: Mon, 29 Jun 2015 12:17:37 -0400
From: Alain Espinosa <>
Subject: RE: Using Probabilistic Context Free Grammars (Was
 precomputed attacks)

-------- Original message --------
From: Matt Weir <>
Date: 06/29/2015 11:09 AM (GMT-05:00)
Subject: [john-dev] Using Probabilistic Context Free Grammars (Was precomputed attacks)

...Now for the downsides. The overhead is pretty high, so against fast hashes the increase in precision isn't worth the slower guessing rate. Also, the grammar is imprecise enough that against really slow hashes hand-written mangling rules still are the way to go. So it currently performs best against medium-speed hashes.

I read your dissertation; it is very interesting. The main downside for me is that PCFG is not easily parallelizable, so no GPU for it.

I also find your performance comparison unfair, given that you don't take into account implementation speed (this is a very common problem in papers talking about password generation). For example, if brute force is 4x faster than incremental, we need to test it with 4x more tries, so we have the same time spent in each attack.

One thing that woke my interest is entropy calculation. One way to view this is that 10-character passwords are only 4.8x stronger than 8-character passwords. Given my experience I was expecting more, or perhaps I was too used to contest hashes.
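
The time-normalized comparison described in the message above, as an added example that is not part of the original thread: it scores two guess generators once at an equal guess count and once at an equal wall-clock budget. The rates, hit positions and function names are constructed for illustration; only the 4x speed ratio comes from the message.

```python
from bisect import bisect_right

# Constructed sample data (not from the thread): each attack's guessing rate
# (guesses/second) and the guess numbers at which it matched a password in a
# held-out test set of the kind used for password-strength evaluation.
ATTACKS = {
    "incremental": {"rate": 1_000_000,
                    "hits": [10, 500, 2_000, 40_000, 900_000, 3_500_000]},
    "brute_force": {"rate": 4_000_000,  # 4x faster, as in the message's example
                    "hits": [300_000, 800_000, 1_500_000,
                             2_800_000, 3_200_000, 3_900_000]},
}


def cracked_after_guesses(hits, guesses):
    """Number of test passwords matched within the first `guesses` candidates."""
    return bisect_right(sorted(hits), guesses)


def rank(attacks, *, guesses=None, seconds=None):
    """Rank attacks by passwords matched, under ONE kind of budget.

    guesses=N : every attack gets the same number of candidates (the usual
                paper-style comparison, which ignores generator speed).
    seconds=T : every attack gets the same wall-clock time, so a generator
                that is k times faster gets k times as many candidates.
    """
    if (guesses is None) == (seconds is None):
        raise ValueError("give exactly one of guesses= or seconds=")
    scores = {}
    for name, attack in attacks.items():
        if guesses is not None:
            budget = guesses
        else:
            budget = int(attack["rate"] * seconds)
        scores[name] = cracked_after_guesses(attack["hits"], budget)
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    # Same guess count: the slower, smarter generator looks far better.
    print("equal guesses:", rank(ATTACKS, guesses=1_000_000))
    # Same time: the faster generator gets 4x the candidates and the order flips.
    print("equal time:   ", rank(ATTACKS, seconds=1.0))
```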

