Date: Wed, 3 Mar 2021 12:52:29 +0100 From: Michał Majchrowicz <sectroyer@...il.com> To: john-users@...ts.openwall.com Subject: Re: Implementing mixed mask attack > So there are two approaches here: > > 1. Manually identify portions of keyspace to test next, keep track of > what you've already tested, exclude that from further runs. Rinse and > repeat. Tricky, can be a lot of effort, easy to get wrong or suboptimal > (miss a portion of keyspace, or have something tested multiple times), > generally also not optimal order of candidate passwords tested (thus, > lower successful guess rate). This sounds pretty bad, but the advantage > is that you can then know and describe which portions you've completed - > and not in terms of implementation specifics, but in simple terms (list > the specific patterns). This is level of detail that I like as I would like to know what works and what doesn't. > 2. Let JtR's incremental mode take care of all of this. That's one of the reasons I am playing with descrypt (second is that it's pretty popular on IoT) I know maximum length is 8 and testing "anything" up to 7 chars can be done in reasonable time. So if those pws are ascii (as I explained I assume they are due to telnet and by comparing to others) it's only a matter of approach. For now I am only gathering data and try to come up with some conclusions. Also possible making any assumptions about what those IoT hashes are is pointless but one of my goals is to check different approaches and learn what works and what doesn't. Especially in situations where pure ?a mask attack is not an option :)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.