Date: Wed, 5 Dec 2018 08:26:25 -0500 From: Powen Cheng <madtomic@...il.com> To: john-users@...ts.openwall.com Subject: Re: Most efficient way to brute force Hi Alexander, I have tested mask mode and thank you for this suggestion. As for now, I still need to figure how to create a GPU system properly before I let this system run for the real task. I am very limited with what driver and hardware I could use with Ubuntu 14.04.1 as in 16.04 the opencl was removed unless I am using Nvidia cards and I still need to get pass this error. OpenCL CL_INVALID_DEVICE (-33) error in opencl_common.c:452 - Error querying PLATFORM_NAME Thanks again for your help, Po On Tue, Nov 27, 2018 at 11:46 AM Solar Designer <solar@...nwall.com> wrote: > On Mon, Nov 26, 2018 at 08:21:58PM -0500, Powen Cheng wrote: > > This is the test setup that I am stuck with so I want to make sure that > > these two commands are the most efficient way to brute force with 8 > threads > > per video card. > > > > As per magnumripper, using two separate terminals. > > > > OMP_NUM_THREADS=8 ./john -dev=0 -node=1/2 -form=tezos-opencl > > -ses=tezos1 tezos -inc > > > > OMP_NUM_THREADS=8 ./john -dev=1 -node=2/2 -form=tezos-opencl > > -ses=tezos2 tezos -inc > > These may be fine (assuming you have at least 16 logical CPUs), but most > importantly you need to focus the attack based on what you know/recall > about the password. You previously tried asking about that, and I > recommended that you use mask mode, possibly along with other modes: > > https://www.openwall.com/lists/john-users/2018/10/28/3 > > This remains my current recommendation. Have you tried it? How? > What were the results? > > > I was told to use --incremental and I read that I could also create and > use > > my own custom Incremental. > > You could, but why would you? Chances are that whatever you know/recall > about the password is best expressed as a mask. > > > [Incremental:Custom] > > File = custom.chr > > CharCount = 95 > > MinLen = 6 > > MaxLen = 8 > > > > So to use my own custom incremental. I would simply add -inc:custom - > > is this correct? > > > > OMP_NUM_THREADS=8 ./john -dev=0 -node=1/2 -form=tezos-opencl > > -ses=tezos1 tezos -inc:custom > > > > OMP_NUM_THREADS=8 ./john -dev=1 -node=2/2 -form=tezos-opencl > > -ses=tezos2 tezos -inc:custom > > Yes, but you probably don't need to do that. > > > Since the MinLen starts at 6. I am guessing that it would start with > > 000000 up to charset? > > Then when Length of 6 is done, it would move to 7 or 0000000, etc. > > > > Please help me understand how incremental work with John. > > Under the hood, and in terms of ordering of candidate passwords tried, > it's far more complex than that. It will be switching lengths back and > forth, and will be testing weird-looking sequences of characters, trying > to optimize for non-increasing estimated probability of each being the > password. It estimates those probabilities based on previously known > passwords - the training set used when the .chr file was generated. For > the .chr files bundled with JtR, the training set is the RockYou leak. > > If you generate your own .chr file, you re-train based on whatever is in > your john.pot at that time. > > > I want to make sure that I using this brute force as efficient as > possible. > > What approach is most efficient depends on what you know/recall about > the password. > > Alexander >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.