Date: Wed, 3 Mar 2021 12:35:19 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Implementing mixed mask attack

On Tue, Mar 02, 2021 at 10:53:40PM +0100, Michał Majchrowicz wrote:
> For now I tried both all and jumbo rules on a 133MB (version of)
> rockyou.txt.

Great.

> Problem with "my masks" is that I don't know which one
> I should use :) For now I only know remaining pws are NOT in ?l?d
> keyspace of 8 char descrypt. I also tried single uppercase letter.
> What remains is that either there are pws with more uppercase letters,
> special chars or possibly some are even not ascii. I just noticed two
> patterns in pws that I found (myself or other people). On IoT devices
> pws have some common "schema" like part of company name and some
> "random junk" or they are (what looks to be) completely random. I
> assume also if those devices DO have telnet (enabled by default or via
> some cmd) that those pws are in fact ascii.

So there are two approaches here:

1. Manually identify portions of keyspace to test next, keep track of
what you've already tested, exclude that from further runs. Rinse and
repeat. Tricky, can be a lot of effort, easy to get wrong or suboptimal
(miss a portion of keyspace, or have something tested multiple times),
generally also not optimal order of candidate passwords tested (thus,
lower successful guess rate). This sounds pretty bad, but the advantage
is that you can then know and describe which portions you've completed -
and not in terms of implementation specifics, but in simple terms (list
the specific patterns).

2. Let JtR's incremental mode take care of all of this. Easy in terms of
getting the attack running and having it test candidate passwords in an
optimized order. No need for any manual adjustments, restarts, etc. Just
let it run for any duration you like, interrupt at any time. You can
then continue, interrupt again, continue again - all of this easily (as
long as you preserve the .chr and .rec files). However, a drawback is
that you cannot describe which portions you've completed other than in
terms of those implementation-specific files.

There's also a mixed approach:

3. Use incremental mode, but do separate runs for low lengths (or a
range in one run), so that you'd know you've searched those to
completion. Let your main never-ending incremental mode run switch
lengths as it deems optimal, but only among higher lengths that you
can't search exhaustively e.g. in the first day. This is slightly less
optimal in terms of expected successful guess rate (but not as bad as
masks), and it does let you describe some of what you've completed.

Alexander
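A driver script for approach 3 from the message above, added here as an example and not part of the thread. It assumes JtR jumbo's `john` is in PATH (or given as `JOHN=...`), that the descrypt hashes are in the file passed as the first argument, and that jumbo's `--incremental`, `--min-length`, `--max-length`, `--session` and `--restore` options behave as documented in `john --help`; the per-length `.done` markers are this script's own convention for recording which lengths were searched to completion.

```shell
#!/bin/sh
# Added example, not from the thread: a driver for approach 3 above.
# Assumed (not stated in the message): JtR jumbo's john in PATH or JOHN=...,
# descrypt hashes in the file given as $1, and jumbo's --incremental,
# --min-length, --max-length, --session and --restore options as in --help.
set -eu
JOHN=${JOHN:-john}
STATE_DIR=${STATE_DIR:-./jtr-state}   # .rec sessions and .done markers
MAX_EXHAUSTIVE=${MAX_EXHAUSTIVE:-6}    # lengths 1..6 are searched to completion

# Start an incremental session, or resume it if an earlier run was interrupted.
john_inc() { # args: session min_len max_len hashes
  if [ -f "$1.rec" ]; then "$JOHN" --restore="$1"
  else "$JOHN" --format=descrypt --incremental --min-length="$2" \
         --max-length="$3" --session="$1" "$4"; fi
}

# Search one length to completion and leave a marker so it is never redone.
run_length() {
  mkdir -p "$STATE_DIR"
  if [ -f "$STATE_DIR/len$1.done" ]; then
    echo "length $1 already searched to completion, skipping"; return 0
  fi
  john_inc "$STATE_DIR/inc-len$1" "$1" "$1" "$2"
  : > "$STATE_DIR/len$1.done"
}

# The open-ended run over the higher lengths; incremental mode chooses the
# order among them, and rerunning this after an interrupt just continues.
run_remaining() {
  mkdir -p "$STATE_DIR"
  john_inc "$STATE_DIR/inc-main" $((MAX_EXHAUSTIVE + 1)) 8 "$1"
}

# List lengths recorded as fully searched: progress you can describe simply.
completed_lengths() {
  for f in "$STATE_DIR"/len*.done; do
    if [ -f "$f" ]; then n=${f##*/len}; printf '%s\n' "${n%.done}"; fi
  done
}

main() {
  len=1
  while [ "$len" -le "$MAX_EXHAUSTIVE" ]; do run_length "$len" "$1"; len=$((len + 1)); done
  run_remaining "$1"
}
if [ $# -gt 0 ]; then main "$@"; fi
```

Interrupting at any point and rerunning `./script.sh hashes.txt` skips the finished lengths, restores any half-done session from its `.rec`, and `completed_lengths` tells you which lengths you can honestly report as exhausted.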