Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 14 Nov 2012 22:32:35 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: How does incremental mode works?

On 14 Nov, 2012, at 9:26 , Simon Marechal <simon@...quise.net> wrote:

> On 14/11/2012 04:47, Solar Designer wrote:
>> I am not aware of a head-to-head comparison between these.  That said,
>> Simon Marechal (aka Bartavelle) will speak on a related topic -
>> comparing several revisions of JtR's incremental and Markov modes
>> (current and future) - at Passwords^12 in Oslo in just 3 weeks from now.
>> Indeed, we'll post the slides online afterwards.
> 
> I did not compare them properly, but will try to do it in the future.
> Until then, you should use markov instead of incremental as it seems to
> perform much better against public leaks. The "only" problem is that you
> must be able to estimate how long you wish to run JtR, and be able to
> compute how many passwords will be tested as a result.

So exactly what data was used for creating the current stats file? I seem to recall we had Markov before the Rockyou leak but I don't recall any update of the stats file (I may be wrong though).

It would be interesting to (also) compare Markov and Incremental when trained from the exact same dataset. Incremental should be better then, getting rid of more candidates early on.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.