Date: Wed, 14 Nov 2012 20:54:09 -0500
From: "Matt Weir" <cweir@...edu>
To: <john-users@...ts.openwall.com>
Subject: RE: How does incremental mode works?

>> It would be interesting to (also) compare Markov and Incremental when
>> trained from the exact same dataset.
>> Incremental should be better then, getting rid of more candidates early
>> on.

Here you go. I wrote this up a couple of years ago, so some of the
statements (such as Markov mode causing segfaults) are no longer true, but
the head-to-head comparisons between Markov and Incremental modes should
still be accurate unless Solar updated Incremental since then.

http://reusablesec.blogspot.com/2009/11/analysis-of-10k-hotmail-passwords-part.html

http://reusablesec.blogspot.com/2010/01/analysis-of-10k-hotmail-passwords-part.html

I admit, I still tend to favor Incremental mode simply because I'm normally
too lazy to calculate how long I want it to run and I don't want to check in
on it every day to see if I need to restart a session with a different
bottom/top probability limit. Yes, I could script something to automatically
do that for me, but let me refer to my lazy comment again ;p

Last night I started to do a similar comparison between JtR's bruteforce
modes and Hashcat's Bruteforce++ mode, but who knows if I'll ever get around
to finishing that comparison... As a quick overview, Hashcat's
statsprocessor (which is used in Bruteforce++) started out (aka back in
version 0.01) resembling JtR's Markov mode, but the current version is much
more like Incremental mode. I don't know the under-the-hood mechanisms of
exactly how it generates its guesses though.

This is probably a good time to say that you can use JtR's modes with
Hashcat and Hashcat's modes with JtR. Aka both JtR and Hashcat allow you to
pipe in guesses from other programs. JtR allows you to pipe out guesses
directly (using the -stdout option), and Hashcat has the statsprocessor
program which you can use. BTW the filter overlay in statsprocessor is
*really* nice as it makes it much easier when cracking hashes where there are
password creation requirements (aka must have at least one uppercase
character).

Matt
