Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 2 Feb 2018 15:51:06 -0500
From: Matt Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Re: Markov mode and number of guess

Hi Matlink,
    To answer your question, let me refer you to the JtR Wiki page on
Markov mode.

http://openwall.info/wiki/john/markov

As a short answer, after you generate your stats file, (or if you are
going to use the default stats file), run the 'genmkvpwd' command with
the length info you are targeting to see how many guesses will be
generated for different levels. For example:

./genmkvpwd statfile max_lvl [max_len] [start] [end]

$ ./genmkvpwd stats 0 12
lvl=100 (2424 Kb for nbparts) 9846 possible passwords
lvl=101 (2448 Kb for nbparts) 10 K possible passwords (10849)
lvl=102 (2472 Kb for nbparts) 11 K possible passwords (11915)
lvl=103 (2496 Kb for nbparts) 13 K possible passwords (13104)
lvl=104 (2520 Kb for nbparts) 14 K possible passwords (14446)
...
lvl=346 (8328 Kb for nbparts) 440023 G possible passwords (440023594138549)
lvl=347 (8352 Kb for nbparts) 478482 G possible passwords (478482142956335)
lvl=348 (8376 Kb for nbparts) 520144 G possible passwords (520144425218940)
lvl=349 (8400 Kb for nbparts) 565264 G possible passwords (565264299077832)
lvl=350 (8424 Kb for nbparts) 614114 G possible passwords (614114588006381)

Using the above example, for that statsfile, targeting passwords of
length 0 - 12, if you set the level to 104 it would generate 14446
password guesses.

The format for actually using Markov mode is ... a bit weird. Taken
from the wiki:

–markov[=level[:start:end[:maxlen]]]

So using the above example of starting a new run with a level of 104,
with a max length of 12 you would use

--markov=104:0:0:12

I know, the 0:0 is weird but that means you will try everything. You
could also do 0:14446. The reasoning behind this option is to let you
split up processing Markov mode on different threads.

Backing up a step, I generally recommend using Incremental mode in JtR
vs. Markov mode. For most cracking scenarios incremental is way better
from a practical real world standpoint. Markov is more useful for
academic research, or fixed runs where you know exactly how your
hardware performs and how long you want to invest in a cracking
session. The following writeups I did on the differences between the
two modes are out of date, but still might provide a bit of insight
into what each mode does under the hood:

http://reusablesec.blogspot.com/2009/11/analysis-of-10k-hotmail-passwords-part.html

http://reusablesec.blogspot.com/2010/01/analysis-of-10k-hotmail-passwords-part.html

Cheers,
Matt

On Fri, Feb 2, 2018 at 3:16 PM, Solar Designer <solar@...nwall.com> wrote:
> On Tue, Jan 30, 2018 at 05:09:15PM +0100, Matlink wrote:
>> is it easy to ask, in --markov mode, JTR to output at least N words,
>> according to a .stats file created with calc_stat?
>
> I have no answer to this (I'm not familiar with Markov mode, and am not
> using it).  I'd appreciate it if someone else in the community answers.
>
> Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.