Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 2 Mar 2021 22:53:40 +0100
From: Michał Majchrowicz <sectroyer@...il.com>
To: john-users@...ts.openwall.com
Subject: Re: Implementing mixed mask attack

> FWIW, the reported speed would become lower with any kind of filtering
> even if the filtering helps reduce the total running time.

Yeah, I just assumed that with such big keyspace reduction it would
still overcome the "overhead" ;)

> It looks like you're sort of trying to do what incremental mode does on
> its own - test more likely patterns first.  Have you tried simply
> letting the default incremental mode run for a long while, and see how
> it fares against your masks?  For a fair comparison, give both runs the
> same set of hashes without anything in the pot file(s) yet.  Try this
> without splitting it across your many nodes yet, to remove the effects
> of that from comparison of the modes' basic functionality.

For now I tried both all and jumbo rules on a 133MB(version of)
rockyou.txt. Problem with "my masks" is that I don't know which one
should I use :) For now I only know remaining pws are NOT in ?l?d
keyspace of 8 char descrypt. I also tried single uppercase letter.
What remains is that either there are pws with more uppercase letters,
special chars or possible some are even not ascii. I just noticed two
patterns in pws that I found (myself or other people). On IoT devices
pws have some commond "schema" like part of company name and some
"random junk" or they are (what looks to be) completely random. I
assume also if those devices DO have telnet (enabled by default or via
some cmd) that those pws are in fact ascii. BTW thanks for the info
about --fork and openmp difference, I have created separate thread
about it. I will run increment on 32 core node for a night will see if
it finds anything :)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.