Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 20 Nov 2015 12:40:11 -0500
From: Rich Rumble <richrumble@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: password cracking as a subset of hash searching

On Fri, Nov 20, 2015 at 2:49 AM, magnum <john.magnum@...hmail.com> wrote:

> On 2015-11-20 08:23, Frank Dittrich wrote:
>
>> On 11/20/2015 08:09 AM, Royce Williams wrote:
>>
>>> In this blog post:
>>>
>>>
>>> http://roycebits.blogspot.com/2015/10/hash-filtering-more-than-vanity.html
>>>
>>> ... I argue that password cracking frameworks should start to
>>> incorporate searching for partial matches of hashes -- vanity hashes,
>>> partial collisions, hashes that mask specific masks, etc.
>>>
>> I can see a vanity tripcode, even slimmer a vanity BtC wallet, those are
visible to others, but your own hash or salt, even for older folks like me
have zero appeal. A vanity PGP key... ehhh who would notice. Sounds cool on
paper (or does it?), get's missed by 99.99999999 of the people who would
ever see it.

>
>>> In other words, I see password cracking (searching for hashes that
>>> exactly match known hashes) as part of a larger class of activities
>>> (searching for hashes with specific properties), and see potential for
>>> cross-pollination with related work that would ultimately benefit the
>>> project.  I point out some recent examples in the post.
>>
>> I would want my password to be memorable long before I'd want my hash/key
to be :)
-rich

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.