Date: Fri, 20 Aug 2010 18:43:31 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: Consonant Vowel Patterns Brad, Minga, Hank - On Fri, Aug 20, 2010 at 09:09:19AM -0400, Brad Tilley wrote: > Thank you for the information Alexander. After testing a few mangling > patterns rather than CV patterns, I believe mangling is more efficient. > > 16crack found roughly 1,000 more hashes using mangling patterns than it > did when using CV patterns. Also, it did so in only 40 hours (rather > than 48) with a modestly sized dictionary. I posted a link to those > hashes for comparison. You could also see how many more hashes would be cracked by both approaches combined - either on two machines (which you can simulate by running the attacks sequentially - in fact, you already did) or sharing the same machine (e.g., run one attack for 24 hours, then the other for another 24 hours). Maybe that number would be higher than either of the two individual numbers even on a shared machine. This would show that multiple approaches need to be used. You can also add JtR's incremental mode to the mix and see how many new guesses that would provide (those not obtained with your approaches), and vice versa (how many new guesses your "CV approach" provides that JtR's incremental mode does not). > Why did no other team post their cracked hashes? CrackHeads did, and you did. I'm afraid I did not save our (john-users) final pre-contest-end submission, and cron jobs kept running for a while after the contest end time (a few more submissions were made as well). Besides, some entries on our cracked passwords list were actually wrong and some were "special" (please see the writeup I posted for more info). I think it'd be best for KoreLogic to release such info on all teams - on the cracked passwords the contest organizers actually accepted and how the points were assigned. Maybe two text files per team: one with cracked non-admin passwords, the other with cracked admin passwords. Then the score will be trivial to double-check. > Was it against the rules? No, I think it was fine to publish anything. Alexander P.S. BTW, your statement (on your website) that "competing teams used hundreds or thousands of cloud computing CPUs ..." is not entirely correct. From what we know, it was at most between 100 and 200 CPU cores (not CPUs). Definitely not "thousands". Also, JFYI, it was possible to get to over 8500 hashes cracked in 9 hours on approx. 6 CPU cores on average (I did that using 4 to 8 CPU cores during the contest, before first merge with the results of others on the team). This 8500 figure includes LM hash halves as individual hashes, though. Thus, the number of full cracked passwords in that set could be about 7500. (It can't be much lower than that because the total number of LM hashes was only about 2500.) I don't mean to downplay your results; I just want to point out that it's not all about CPU power. It's more about using multiple approaches, some strategy, and a lot of one's own time to direct the attacks.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.