Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 3 Jan 2007 19:53:51 +0100
From: websiteaccess <websiteaccess@...il.com>
To: john-users@...ts.openwall.com
Subject: Incremental mode VS specific rules mode

Hi,

 This is the question of the day. What is more efficient: Incremental 
alpha mode (-i:alpha) or -rules for cracking large amount of HASHED ?


 ------ GOOD/BAD for incremental mode -----
 GOOD : incremental mode crack really fastly little words (with 6, 7 
characters)
 GOOD : no writing of boring rules
 BAD: incremental test all possibility ! Even with a to z, it can take 
really long time (especially for passwords with more than 10 characters)

------ GOOD/BAD for rules mode -----
GOOD : the rules are powerfull.
GOOD : with rules we can test only highly probably possible passwords 
(with
             some variations).
GOOD : can test passwords more than 8 letters
BAD : we have to write rules :( sometimes really boring.


 In this project I test my own new rules based on statistics frequencies
letters (each language has his own frequency).

 I do test with raw-md5 hashes (allow passwords with more than 8 
letters).

 NOTE: JTR with incremental is not able (with the basic JTR) cracking 
words longer than 8 letters, with my rules there is no limit (12 or 13 
letters seems already strong  password).

 My rules are specific for french passwords. I will do others rules for 
others language if needed.
 Of course, my actual rules can crack non-french words, but, there are 
more powerfull with french words.

 I have tested in first -i:alpha with a 2128 hashes, then the same 
hashes with my rules.

 In 2128 hashes, may be (and surely) there is a lot of passwords 
composed with (only may be) digits. These hashes will not be volontary 
cracked.
 I only test my rules contains only alpha (a to z), and incremental 
mode (-i:alpha) will use only a to z (not A-Z or/and 0-9). In this way, 
we can compare the same jobs.

 My project was do rules for crack maximum hashes in a minimum time.


 I give you some results, let's compare :


                                   p a s s w o r d s  f o u n d w i t h
     length words      ∙    MODE -i:alph   ∙   mode -rules
------------------------------------------------
         12                  ∙           0(*)           ∙	 0
         11                  ∙           0(*)           ∙	 1
         10                  ∙           0(*)           ∙	10
          9                   ∙           0(*)           ∙	34
          8                   ∙          82              ∙       135
          7                   ∙         166             ∙       173
          6                   ∙         392             ∙       341
          5                   ∙          64              ∙	61
          4                   ∙          49              ∙	47
	3                   ∙           8               ∙	 0(**)	
------------------------------------------------
			∙	 761		∙	802
------------------------------------------------
	time		∙         12 h 06	 ∙      9 h 02
        elapsed		∙     (still cracking)   ∙ (100% done)
------------------------------------------------

(*) incremental mode, can't crack passwords with more 8 letters
(**) rules are not configured for cracking words less 4 letters.

 Finally, it seems rules crack more passwords in less time.

 "Rules mode" has cracked 45 words with more 8 letters (hardest
 to crack) in less time than incremental mode (- 3h04mn)

 Hope this test can be usefull for someone.

 -- Websiteacces --
 

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.