Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Aug 2011 19:30:37 +0200
From: magnum <>
Subject: Re: Unicode DumbForce

On 2011-08-08 12:15, magnum wrote:
> * Dumb16 tries all allocated codepoints in the UCS-2 part of Unicode 6.0
> (there are 15801 of them) and outputs them as UTF-8.
> * Dumb32 tries all allocated codepoints in Unicode 6.0 (there are 23296
> of them) and outputs them as UTF-8. Note that our current NT and mscash1
> formats only supports UCS-2 so using Dumb32 against them is just a waste.
> These are meant for narrowing in on a codepage for Unicode hashes, or
> for experimenting/debugging or just understanding how mindbogglingly
> huge the Unicode space is when brute forcing: For example, using Dumb16
> we can exhaust 3 characters for NT in a couple of weeks, but a 4th
> character would take 500 years. Using Dumb32 it would be thousands of
> years.

Actually the numbers are larger than stated above. My parser for the 
official Unicode data missed ranges of characters (stated only as 
"First" and "Last"). This is fixed in patch 0030.

Now, UCS-2 (Dumb16) includes 54,473 allocated characters while full 
Unicode (Dumb32) includes 109,070 characters. This means we can only 
exhaust the full set for two (2) characters fairly quick. This will take 
12 minutes running one core against NT. The third character would take 
1,5 years. The fourth would take over 80,000 years.

For full Unicode the numbers are even more discouraging, if possible. 
Exhausting four characters would take 1,3 million years (but our NT 
format currently only supports UCS-2).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.