Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 13 Apr 2012 21:25:33 +0200
From: magnum <john.magnum@...hmail.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: automation equipped working place of hash cracker, proposal

That's exactly what I mean. And this is hard to do automatically but not impossible I suppose. 

magnum



On 13 apr 2012, at 21:14, Aleksey Cherepanov <aleksey.4erepanov@...il.com> wrote:

> On Fri, Apr 13, 2012 at 08:08:49PM +0200, magnum wrote:
>> On 04/13/2012 04:39 PM, Aleksey Cherepanov wrote:
>>> It is common to rebuild chr files to improve incremental mode having some
>>> passwords cracked.
>> 
>> This is common and often very rewarding. What we should not forget
>> though, is that this will emphasize the errors we made in the first
>> case. Suppose we crack 30% of the passwords but for some reason we
>> almost always miss character 'z' (in real life it may be a handful or
>> more of 8-bit or UTF-8 characters) which (very) theoretically could be
>> present in 50% of the total. After rebuilding chr-files we are
>> amplifying this error and will try even fewer (perhaps none) candidates
>> containing character 'z'. And so on.
> 
> It is a bit like attack against pattern: for certain attack we reduce
> candidates set to crack part faster at the price that this attack cracks only
> part.
> 
> During contest we wrote rules to make candidates for pattern being most
> probable. But we could try incremental mode: find pattern, build chr only
> for these passwords, do incremental mode.
> 
> It is not as close as well written rules but is easy to be done if you know
> regexps (or even without it but being patient enough to select pattern by
> hands, manually) but do not know rules (and do not want to write specific
> generator as a separate program).
> 
> On the other hand if we crack only small part of pattern then we could
> underestimate it and write rules that describe only a part of real pattern.
> So some generalization could be helpful but this needs statistics I think.
> Could we estimate probability of not yet cracked hash to be from password that
> is from certain pattern?
> 
> For instance, we found a lot of passwords of form 'llld' (where l is for
> letter and d is for digit) and some passwords of form 'lllddd' and we know
> that we cracked too few passwords of length 6 so we could assume that there
> are more passwords of form 'lllddd'. Right?
> 
> Regards,
> Aleksey Cherepanov
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.