Date: Mon, 19 Nov 2012 19:08:59 +0100 From: Simon Marechal <simon@...quise.net> To: john-users@...ts.openwall.com Subject: Re: How does incremental mode works? On 11/19/2012 04:57 PM, Richard Miles wrote: > - "password" is really easier and consequently with a smaller cost (217). > - however if we are targeting real companies and not public leaks (that in > general do not enforce password policy or enforce very poor ones) I think > that "p4ssw0rd!" with a higher cost (420) will be more likely because of > password policy enforcement (such as Microsoft Windows Password Policy for > Domain Controllers) will prevent for example the use of "password" but may > accept for example "p4ssw0rd!" or "P4ssw0rd!". > - So, while I agree that Markov computes it in a very smart way I guess it > may not be the best for real target. Do you think that is possible to adapt > Markov method or create and variation to target password hashes created > with an average or strong password policy? You can use filters to reject words that do not match a given policy, but this will only be acceptable for slow hashes. The original paper I read on the topic did exactly this, but with rainbow tables. I have stuff that is somehow related to this topic for Passwords^12, so stay tuned !
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.