Date: Mon, 23 Apr 2007 23:33:05 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Alternative candidate password generator On Fri, Apr 20, 2007 at 10:46:26AM +0200, Simon Marechal wrote: > It was supposed to be an open question. Right now I'm toying with > password generators based on first order markovian filters, that seems > to work better than -inc on two accounts: > * find more passwords in a given time (got to test some more) What data are you using to train your generator? Is it real passwords? Are you then running it against hashes of the _same_ passwords? If so, that test does not reflect real-world usage scenarios well. I can apply a trivial modification to the code in inc.c that would make it provide excellent results on hashes of the same passwords that were used to generate the .chr files, but obviously this is not what is desired. What about the number of non-wordlist-crackable passwords found? It was my assumption that other cracking modes would be used along with (and perhaps before) "incremental" mode, so its goal is to crack as many _additional_ passwords as possible within a reasonable time. If the goal were different - to crack just as many passwords as possible - then I could have it appear more efficient on its own, but it would be of less use in practice. > * work could easily be distributed Is this not the case for "incremental" mode? > But not as good for: > * generating candidate passwords fast (although I'm sure that a bit of > tweaking would help here) This is probably a limitation of your implementation only. > * working an indefinite amount of time That's correct. In fact, the trivial modification to inc.c that I've mentioned would likely result in very similar behavior. -- Alexander Peslyak <solar at openwall.com> GPG key ID: 5B341F15 fp: B3FB 63F4 D7A3 BCCC 6F6E FC55 A2FC 027C 5B34 1F15 http://www.openwall.com - bringing security into open computing environments -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.