Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 04 Aug 2012 09:10:15 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: how to analyze the efficiency of a rule?

On 2012-08-03 19:59, kzug wrote:
> Does anybody knows of a way, or a tool,  to analyze the efficiency of
> a rule?  i.e number of hits per rule. I am writing my own set of
> rules and I would like to see what hash was cracked with what rule.

You analyze the log file. Here is an example:

0:00:00:00 Proceeding with wordlist mode
0:00:00:00 - Reading next block of candidate passwords from stdin pipe
0:00:00:00 - Read block of 1 candidate passwords from pipe
0:00:00:00 - 2 preprocessed word mangling rules
0:00:00:00 - Rule #1: '$0' accepted
0:00:00:00 + Cracked ?: linkedin0
0:00:00:00 - Rule #2: '^0' accepted
0:00:00:00 + Cracked ?: 0linkedin
0:00:00:00 Session completed

You see here that the first rule cracked one hash, and the second one
cracked another. However, most formats buffer candidates so the log
would actually look like this:

0:00:00:00 Proceeding with wordlist mode
0:00:00:00 - Reading next block of candidate passwords from stdin pipe
0:00:00:00 - Read block of 1 candidate passwords from pipe
0:00:00:00 - 2 preprocessed word mangling rules
0:00:00:00 - Rule #1: '$0' accepted
0:00:00:00 - Rule #2: '^0' accepted
0:00:00:00 + Cracked ?: linkedin0
0:00:00:00 + Cracked ?: 0linkedin
0:00:00:00 Session completed

Some formats buffer thousands or even millions of candidates so this
will be impossible to parse. To force this not to happen, run with
--mkpc=1 (this only works w/ Jumbo though). That is how I made the first
log above. This may hurt performance a *lot* but it can be a gem for
experiments.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.