Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 6 Aug 2010 09:20:41 +0400
From: Solar Designer <>
Subject: try all small character sets (too few different characters)


The attached external mode, called Subsets, will generate candidate
passwords from many small subsets of characters from a much larger full
character set.  This will test for passwords containing too few
different characters.

When applied to the contest NTLM hashes with its default settings
(lengths 1 to 8, up to 3 different characters), it cracks 25 passwords
in under 6 minutes (on one modern CPU core).  That's not too exciting:
many times more are crackable in the same amount of time with other
attacks, and many of the 25 would be quickly cracked with other attacks
too.  However, a few of them would be more difficult to crack by other
means.  When re-configured for lengths 9 to 10 (still up to 3 different
characters), it cracks 16 passwords in 48 minutes.  The first one of
these 16 is cracked in 1 second, and all of them look like they could be
more difficult to crack by other means.  Going to 4 different characters
would result in more cracks, but the attack duration would increase a
lot (yet this may be worth a try).

First test run, lengths 1 to 8:

ac               (ewakham)
te               (ceyerman)
guesses: 2  time: 0:00:00:02  c/s: 165696M  trying: **m m* m - **m* *m 
747!!            (dstrawhorn)
guesses: 3  time: 0:00:00:19  c/s: 125115M  trying: !QQQQy!Q - !QQQyyQy
guesses: 3  time: 0:00:01:35  c/s: 121405M  trying: fE)Ef)Ef - fE)f)E))
1111110*         (cwintermantel)
guesses: 4  time: 0:00:01:45  c/s: 121337M  trying: i**OiiO - i*O***i
guesses: 4  time: 0:00:02:28  c/s: 121134M  trying: /upp/up/ - /upppuup
00000B30         (pcerceo)
00000Z99         (iblasetti)
00000T>0         (tciubal)
r00tr00t         (hstanchfield)
2222221|         (kginard)
6G161            (lmorrical)
guesses: 10  time: 0:00:02:38  c/s: 121106M  trying: 1uu1>uu1 - 1uu>111>
333333}4         (dcoppedge)
guesses: 11  time: 0:00:03:03  c/s: 121043M  trying: k44dkkd - k4d444k
55555R]5         (jbrozie)
guesses: 12  time: 0:00:03:10  c/s: 121040M  trying: l555tl5l - l55l5llt
guesses: 12  time: 0:00:04:15  c/s: 120935M  trying: cA|cccc| - cA|c||AA
Art              (tseabright)
Bay              (hebia)
Def              (tpayment)
Ida              (rjez)
Jazz             (csrour)
New              (fburkey)
guesses: 18  time: 0:00:05:03  c/s: 120887M  trying: sOsSsOss - sOssOSSO
bla              (nmangiamele)
asv              (rgorlich)
fco              (mduplaga)
oneone           (kamey)
glgr             (sdudas)
whi              (tversluis)
sixsix           (sdanekas)
guesses: 25  time: 0:00:05:46  c/s: 120781M  trying: ~~~~~~}| - ~~~~~~~~

Second test run, lengths 9 to 10:

???????:::       (notinger_admin)
guesses: 1  time: 0:00:00:01  c/s: 188811M  trying: l```l```l` - l``l`````l
guesses: 1  time: 0:00:07:24  c/s: 113066M  trying: iiiii$}i$ - iiiiii}}i
77&777722        (cbuetow)
guesses: 2  time: 0:00:09:13  c/s: 114034M  trying: 9&96&&&669 - 9&96&&69&&
guesses: 2  time: 0:00:14:12  c/s: 114131M  trying: 22**2*2*2D - 22**2*D2**
99999959*        (csposato)
sssssss>*        (sgravelle)
guesses: 4  time: 0:00:14:42  c/s: 113119M  trying: *b*bA*bA* - *b*bAAbbA
guesses: 4  time: 0:00:16:47  c/s: 113697M  trying: ,8,,>8,>,8 - ,8,,>88>8>
000000}10        (fsellen)
0~0000020        (elandini)
000000Q08        (mdudney)
111111N16        (uspecken)
aaaaaa11>        (eseip)
44444424<        (buzzo)
guesses: 10  time: 0:00:22:58  c/s: 114932M  trying: AA22722277 - AA227272AA
55~555575        (fpickford)
99999995;        (sheyne)
99999977@        (nknezevic)
?7777777[        (dmerlin)
{7777777]        (thashaway)
guesses: 15  time: 0:00:32:24  c/s: 115828M  trying: =[=H===[=[ - =[=H==H[[=
guesses: 15  time: 0:00:40:00  c/s: 116232M  trying: YYXYJXJJJX - YYXYJXXJXY
whthtwhtht       (mloots)
guesses: 16  time: 0:00:47:46  c/s: 116549M  trying: ~~~~~~~}|| - ~~~~~~~~~~


View attachment "subsets" of type "text/plain" (3293 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.