|
Date: Sat, 5 May 2018 11:34:15 -0700 From: Eric Oyen <eric.oyen@...il.com> To: john-users@...ts.openwall.com Subject: Re: failed to break my own created password will any of the BitCoin specific GPU modules (hardware) work for this? those are relatively cheap and can be run from a USB hub. I have a Rasberry pie unit here that I am dedicating to Software Defined Radio (as a air spy server) but with the of a couple of these modules, it can also double as a BitCoin mining node as well as solving for password strength. btw, I still have JTR running on the mac mini working on that password hash. I set min length to 8 characters and max length to 18 characters and am allowing only the use of 2 symbols (! and .). I am letting it run incrementally on the problem and will leave it alone. Since that is a multicore machine, I have multiple instances running (1 per core) and each one is set for it's own min and max length settings). I will get this, but it is going to take a little longer than I planned on. I might kill off one of the instances and do a run based on info given in this thread. thanks for the helpful hints. -eric PGP fingerprint: 6DFB D6B0 3771 90F1 373E 570C 7EA2 1FF3 6B68 0386 On May 5, 2018, at 7:43 AM, Solar Designer wrote: > On Sat, May 05, 2018 at 01:55:45PM +0000, Royce Williams wrote: >> If you suspect a typo, a variety of typos can also be simulated. Here's a >> crude example of how to generate some rules for mis-key (rather than >> transposition) typos: >> >> https://gist.github.com/roycewilliams/9d8e98587cff105b2e05a9f0e8de8371 > > To do something different but similar (overstrikes and inserts) with > JtR, put the supposed password in a wordlist file and use --rules=oi. > This ruleset is already included in recent bleeding-jumbo, but in case > of using an older version here it is: > > [List.Rules:oi] > o[0-9A-Z][ -~] > i[0-9A-Z][ -~] > o[0-9A-E][ -~] Q M o[0-9A-E][ -~] Q > i[0-9A-E][ -~] i[0-9A-E][ -~] > > This does one overstrike/insert up to length 36 and two up to length 14. > With a fast hash like Eric's, this is very quick. > > If leetization might have been applied to the original password, then it > may also be passed through --external=Leet or the masks previously > posted in here may be used prior to applying the rules above (with a > separate invocation of JtR). > > On Fri, May 04, 2018 at 10:12:21PM -0700, Eric Oyen wrote: >> unbreakable without considerably greater resources than I have here. > > Based on what you tell, this is primarily about adjusting the attacks > you run and to a lesser extent about the resources you have. > >> To that end, I am now considering a cluster approach using NFS as the primary filesystem and having a number of nodes all running JTR and all taking and putting data into the right files (this way, the load can be split). > > Bad idea, unless you'd do it for fun. With just one hash to crack on > just a few systems, it'll be easier for you to run different attacks or > use the --node option on those nodes manually. And no need for shared > storage. You'll take the one cracked password from whatever system > cracks it. > >> the man page is woefully under documented/incomplete. > > Like I said, there's no official man page. There's only Debian's. Just > don't use it - use our documentation under doc/ instead - but then it's > probably too detailed. > >> I will see if I can acquire a number of older machines > > Bad idea, unless you'd do it for fun. A factor of 10 or so difference > in speed is very unlikely to result in your password getting cracked. > In terms of improving your chances, your time is better spent on > adjusting the attacks you run. > > Also, if you do want to buy extra hardware anyway, buy some recent GPUs > rather than some old machines. And perhaps you already have some GPUs > you could use, as well. > >> (something in the range of 8 to 10 years old as they are dirt cheap) > > They're also slow and not worth your time, unless you'd do it for fun. > > Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.