Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Aug 2020 16:42:55 +0200
From: Solar Designer <>
Subject: Re: rain mode


Thank you for this additional detail.

On Fri, Aug 28, 2020 at 04:13:05PM +0200, Owein Douard wrote:
> Alexander, to answer your question that is why and when to use rain mode,
> I'd say after incremental mode has been run with a maximum length bound
> that allows a full ascii character set to be exhausted.

That's not how incremental mode is normally used, except sometimes for
some short lengths where an exhaustive search can be done quickly.

Normally, incremental mode is allowed to switch lengths back and forth,
and doesn't exhaust the full ASCII character set for the higher lengths
(several of them) that it ends up testing.

> Then we should try this mode
> starting with the latter run's maximum length + 1. This would avoid
> duplicating.

There wouldn't be that clear "maximum length + 1" in optimal usage of
incremental mode, however let's suppose we crippled incremental mode
(such as for ease of our further reasoning) by limiting it to some lower
maximum length.  Say, we let it run for lengths up to 6 and exhaust that
space.  Then we can either let it run for lengths 7+ or run rain mode
for lengths 7+ instead.  Either of these won't be limited solely to
length 7 until exhausting it, but would try various passwords of length
7 and above.  Which one of these would crack more passwords in the same
amount of time?  Can you test?  My bet is on incremental.

BTW, you don't actually need to exhaust length 6 to test the above - we
only need password counts for length 7+ for one mode vs. the other.  So
you can only do the length 7+ tests, and we'll have our comparison.

Please feel free to suggest and test this for another reasonable length
threshold as well.

> In general, the rain mode is not meant to be used against 'laid back
> passwords', where users did not really care about their security because
> they were eager
> to access the service or wanted something easy to remember, but against
> complex keys that are utterly unpredictable.

> I am going to do these tests you asked for in a few hours from now and will
> let you know, but my hashes are simples and you should expect incremental
> mode to be the winner, but rain mode to find the long passwords before.

Please feel free to also test on the kind of hashes where you expect
rain mode to help.  For example, you may take a list of mostly "laid
back passwords" (in your words) like RockYou and leave only the unique
passwords (not seen in there more than once).

> I wrote a post on the forum of hashcat where I was introducing zhou as a
> 'last resort cracking utility', and that is how the combination of the
> algorithm and of the alternation of all the lengths should be used.

Found it:

> It's rare (for what I've seen) to find a truly long password, but when it's
> the case, even though it be a simple one, the fact that we need to exhaust
> the length one by one will make the task impossible,

Incremental mode doesn't need to exhaust the lengths one by one.

> Regarding the algorithm itself, I think it can fill a gap between a very
> deep markov and a linear bruteforce.

I think incremental mode already fills that gap.

> Patterns that appear are once simple
> once complex, I have not found any other way to express that than calling
> it rain,
> but maybe the word skyzo (skyzo = shattered) suits.
> Regarding the 3d note you made, the only thing that can be done to
> randomize the algorithm is to randomize the starting value for the variable
> 'rain', and wrap around the total expected, starting back to zero. It works
> well. I tried it before.




Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.