Date: Thu, 22 Jan 2009 10:42:40 +0100 From: Samuele Giovanni Tonon <samu@...uxasylum.net> To: john-users@...ts.openwall.com Subject: Re: keyspace, mask password and dumb bruteforce On Wed, 2009-01-21 at 17:37 +0300, Solar Designer wrote: > On Fri, Jan 16, 2009 at 03:49:28PM +0100, Samuele Giovanni Tonon wrote: > > A "collision free" algorithm is to simply scan through the keyspace by > > going incremental (i.e. 0000 0000, 0000 0001, 0000 0002 and so on...) > > and splitting our work in to "chunks" for each client. > > These chunks must be big enough to make the client work for some time > > (some hours/some minutes) and then give back a feedback to the server. > > > > Then there's Jtr and his incremental mode which, for what i've > > understand, will go to search the same keyspace as above but going to > > test some "most likely to be" passwords first; This way, unfortunately, > > is not higly distributed tough > > Actually, it is not very hard to split the workload across multiple > nodes in a collision free way and without consuming much bandwidth while > still using JtR's incremental mode. Please see: > > http://www.openwall.com/lists/john-users/2005/11/21/2 > > (especially the last paragraph). > solar you are a living search engine, i looked in to the list archives for almost three days and never read that mesg :-) > > even the wiki has a list of jtr distributed attempt; > > This doesn't mean much. People were implementing whatever they could > think of and whatever they wanted to. that conclusion came since there were many attempt to make a distributed password cracker from john and none of them ever reached version 2.0 or something stable which doesn't core dump in the next 3 hours, but i guess my conclusions were wrong. Also i don't wanna sound lame, i truly respect all the effort that has been made in those distributed version of john, in fact they helped me a lot by looking to their source code. > > As a quick solution to this problem i thought that maybe a solution is > > to use "mask passwords list", which is not an innovative idea but could > > work; with a mask password the user has the ability to restrict the > > keyspace and it is still easy to split up chunks across the clients. > > Basically it's making a bruteforce less dumb by using human brain other > > than using heuristics and each client can easily self-produce the > > keyspace to crunch, therefore saving network bandwith. > > If I understood you correctly, you're essentially suggesting to split > the keyspace manually. Yes, this is what I recommend most of the time - > especially when the number of CPU cores to distribute the workload > across is relatively small. You might want to take a look at these > older postings: > > http://www.openwall.com/lists/john-users/2008/04/08/4 > http://www.openwall.com/lists/john-users/2005/08/24/4 yes, that idea came from reading exactly these two posts and extending it to, why do i have to manually launch (or set up a script to do that) a cracker on each core or each pc when i could do a program to do that ? however at the moment you made me look to new ways that i never thought of due to lack of knowledge in this field, so i'm going back to the bench and do some homework before saying stupid things :-) Cheers Samuele -- While various networks have become deeply rooted, and thoughts have been sent out as light and electrons in a singular direction, this era has yet to digitize/computerize to the degree necessary for individuals to become a singular complex entity. KOUKAKU KIDOUTAI Stand Alone Complex -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.