Date: Wed, 3 Mar 2021 13:11:50 +0100
From: Solar Designer <>
Subject: Re: Implementing mixed mask attack

On Wed, Mar 03, 2021 at 12:52:29PM +0100, Michał Majchrowicz wrote:
> That's one of the reasons I am playing with descrypt (second is that
> it's pretty popular on IoT). I know maximum length is 8 and testing
> "anything" up to 7 chars can be done in reasonable time. So if those
> pws are ascii (as I explained I assume they are due to telnet and by
> comparing to others) it's only a matter of approach. For now I am only
> gathering data and trying to come up with some conclusions. Also possibly
> making any assumptions about what those IoT hashes are is pointless
> but one of my goals is to check different approaches and learn what
> works and what doesn't. Especially in situations where pure ?a mask
> attack is not an option :)

I understand you're playing with descrypt to test approaches you'd reuse
for other hashes, but FWIW "pure ?a mask" _is_ an option for descrypt.

For example, with "--format=descrypt-ztex" on 4 boards (16 FPGAs) here
it's 20 days max (10 average?) against one descrypt hash:

95^8/3800/10^6/86400 = 20.21

With hashcat, you can also have this speed on a couple of high-end GPUs.
(JtR's descrypt-opencl is currently slower on those.)

This isn't to say I'd actually use merely a mask.  I'd rather use e.g.:

--incremental --mask='?w?a?a?a'

to have 5 out of 8 characters searched in a more optimal order (and
bring the average way below 10 days).  (The mask would then be for its
implementation on-device, to avoid running into the host to device
communication bottleneck.)

