Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 1 Jan 2012 16:01:37 +0000
From: Alex Sicamiotis <>
To: <>
Subject: RE: Rules for realistic words

> On Sat, Dec 31, 2011 at 07:36:00PM +0000, Alex Sicamiotis wrote:
> > As for cracking techniques, over the last 16 years I've tried plenty of stuff...
> That's impressive.  You got to join our team for the KoreLogic contest
> this year if they do it again and if we participate again.

Time permitting and if it is during a winter (that's the only period I'm active in cracking) you can count me in :)

> > Normally, changing approaches etc is wasteful because you are overlapping the same stuff over and over. For example now that I'm using variation of small character files, it seems wasteful because the same would be also tried in larger .chr files. But my rationale is that if I eliminate, say, 10% of the remaining passwords in a short period, then this period has saved me a very large time for the rest of the 90% - so it's not really wasted.
> For your hash type and count, this makes sense.  For some others, it
> doesn't, as eliminating some small percentage of hashes (as cracked)
> doesn't reduce the salt count (e.g., both 250k and 300k of DES-based
> crypt(3) hashes typically result in all 4096 salts being present, so
> reducing 300k to 250k doesn't speed up further cracking).
> Alexander

Never contemplated 300k hashes scenarios, lol.... Interesting thought though.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.