Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 2 Sep 2015 20:53:24 -0800
From: Royce Williams <>
Subject: Re: Anyone looked at the Ashley Madison data yet?

On Wed, Sep 2, 2015 at 8:40 PM, JimF <> wrote:

> By far the best method of attack on a wordlist that is this extensive is to use a sniper
> method, that targets each specific hash using only information known about that
> hash (such as the user id, email, zip code, phone number, etc). That type of pinpoint
> accurate attack will crack a very surprising number.  Then a 2nd method still is very
> targeted, is to search using ONLY the absolute best words possible against all hashes,
> just a minimal amount of words at a time.  The minimal amount is the minimum that
> the software can test at one time using the current CPU (or GPU). Hopefully that number
> can be small (such as 3).  3 words tested against the entire set of hashes is about
> 500 hours (at 60/s) or about 20 days.

Reading this gave me an idea.

For very slow hashes, a "state table" -- of which words have been
tried against which hashes -- would be pretty useful.  A generic
framework for that would be neat.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.