Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 4 Aug 2012 12:51:11 -0600
From: Stephen John Smoogen <smooge@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: how to analyze the efficiency of a rule?

On 4 August 2012 01:10, magnum <john.magnum@...hmail.com> wrote:
> On 2012-08-03 19:59, kzug wrote:
>> Does anybody knows of a way, or a tool,  to analyze the efficiency of
>> a rule?  i.e number of hits per rule. I am writing my own set of
>> rules and I would like to see what hash was cracked with what rule.
>
> You analyze the log file. Here is an example:
>
> 0:00:00:00 Proceeding with wordlist mode
> 0:00:00:00 - Reading next block of candidate passwords from stdin pipe
> 0:00:00:00 - Read block of 1 candidate passwords from pipe
> 0:00:00:00 - 2 preprocessed word mangling rules
> 0:00:00:00 - Rule #1: '$0' accepted
> 0:00:00:00 + Cracked ?: linkedin0
> 0:00:00:00 - Rule #2: '^0' accepted
> 0:00:00:00 + Cracked ?: 0linkedin
> 0:00:00:00 Session completed
>
> You see here that the first rule cracked one hash, and the second one
> cracked another. However, most formats buffer candidates so the log
> would actually look like this:
>
> 0:00:00:00 Proceeding with wordlist mode
> 0:00:00:00 - Reading next block of candidate passwords from stdin pipe
> 0:00:00:00 - Read block of 1 candidate passwords from pipe
> 0:00:00:00 - 2 preprocessed word mangling rules
> 0:00:00:00 - Rule #1: '$0' accepted
> 0:00:00:00 - Rule #2: '^0' accepted
> 0:00:00:00 + Cracked ?: linkedin0
> 0:00:00:00 + Cracked ?: 0linkedin
> 0:00:00:00 Session completed
>
> Some formats buffer thousands or even millions of candidates so this
> will be impossible to parse. To force this not to happen, run with
> --mkpc=1 (this only works w/ Jumbo though). That is how I made the first
> log above. This may hurt performance a *lot* but it can be a gem for
> experiments.

Cool. I usually end up breaking the rules into a huge file of 1 rule
per ruleset.. [talk about inefficient :)]

> magnum
>



-- 
Stephen J Smoogen.
"Don't derail a useful feature for the 99% because you're not in it."
Linus Torvalds
"Years ago my mother used to say to me,... Elwood, you must be oh
so smart or oh so pleasant. Well, for years I was smart. I
recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.