Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Jan 2012 10:20:36 +0400
From: Solar Designer <>
Subject: Re: Rules for realistic words

On Sat, Dec 31, 2011 at 07:36:00PM +0000, Alex Sicamiotis wrote:
> As for cracking techniques, over the last 16 years I've tried plenty of stuff...

That's impressive.  You got to join our team for the KoreLogic contest
this year if they do it again and if we participate again.

> Normally, changing approaches etc is wasteful because you are overlapping the same stuff over and over. For example now that I'm using variation of small character files, it seems wasteful because the same would be also tried in larger .chr files. But my rationale is that if I eliminate, say, 10% of the remaining passwords in a short period, then this period has saved me a very large time for the rest of the 90% - so it's not really wasted.

For your hash type and count, this makes sense.  For some others, it
doesn't, as eliminating some small percentage of hashes (as cracked)
doesn't reduce the salt count (e.g., both 250k and 300k of DES-based
crypt(3) hashes typically result in all 4096 salts being present, so
reducing 300k to 250k doesn't speed up further cracking).


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.