Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 11 Dec 2012 09:01:32 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Hashcat BF++ vs JtR Incremental and Markov Modes

On 11 Dec, 2012, at 6:43 , Matt Weir <cweir@...edu> wrote:
> So I've been playing around with Hashcat's Brutefoce++ mode and I figured I
> should share my findings with everyone else.

Thanks, very interesting. I had absolutely no idea HC was this far behind, I hope BF++ will be enhanced over time.

While the results does not trigger any interest in BF++ I'd like to revisit the difference between "our" alternatives:

> As far as how they compare, given the same number of guesses Markov mode
> will almost always crack more passwords than Incremental mode does. I'm
> still looking into why that's the case, but if you know exactly how long
> your cracking session will be Markov mode is the way to go. That being said,
> since Markov mode requires you to specify a limit, if you don't know how
> long your password cracking session will be (or you want to crack a password
> as quickly as possible and then just stop) Incremental mode is a better
> option.

This makes me wonder if it would be possible to tweak Incremental to perform even better.

Is this true even for shorter runs? I have followed your tests in the past but I do not remember if this was tested specifically. I mean, let's say we are attacking a really slow hash so we only get to try eg. 25 million candidates total, or worse just 2.5 million candidates or even only 250K. Testing eg. those three situations given same training and test sets, will Markov always win over Incremental or is there a magic spot somewhere?

Solar may fill in the blanks here but I think I our current "contest edition" implementation of Incremental (that will eventually be properly implemented in Core) is better at sorting out the exact cracking order than the current release code. Maybe you could try to graph this? A "Jumbo vs Contest Edition" test. The results would tell us how important this is, or isn't.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.