Date: Sun, 14 Feb 2010 07:58:40 +0300 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Replacement for all.chr based on "Rock You" Passwords. URL inside. On Fri, Feb 12, 2010 at 01:47:04AM +0100, Magnum P. I. wrote: > ... How about making a combined charset (or stats file) from > both rockyou.com *and* phpbb.com datasets (provided you've got the phpbb > one, I don't have it and can't find it) and see if it performs better or > worse in the test cases (particularly the myspace and faithwriters > tests) than they do separately? I guess at some point a charset file > will become too "diluted". If Solar has the "source" for the original > charsets, it would also be interesting to test if including that one too > in a 'mega charset' would increase or decrease the performance in those > cases. The problem with this is that the RockYou list is so large that adding to it won't make much of a difference - until we possibly have other similarly large lists. For example, if we add a 300k list to RockYou's 32M list, the combined list will be 99% RockYou. Maybe we need to define and implement some sort of weighted averaging. We can do something like this for common passwords (those appearing on the lists more than once) by means external to JtR. However, for the trigraph, digraph, and character frequencies in passwords appearing only once, this averaging over multiple input data sets will have to be integrated into JtR's charset.c. Well, or maybe it could be applied to ordered character lists and the "cracking order" array already in .chr files, combining several .chr files for different data sets into one. This would take a new program yet to be developed. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.