Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CA+E3k92RqRb5V_3eJL5Pkfc1S-HkbYBETe7jS9nBo82Ox__9fg@mail.gmail.com>
Date: Sun, 5 Sep 2021 08:45:24 -0800
From: Royce Williams <royce@...hsolvency.com>
To: john-dev <john-dev@...ts.openwall.com>
Subject: Re: precomputed attacks for john: rainbow tables and other ways

On Sun, Sep 5, 2021 at 8:38 AM Aleksey Cherepanov <
aleksey.4erepanov@...il.com> wrote:

> descrypt is an interesting target because its keyspace is on border of
> what could be computed in a year. It is salted, but there are only 4096
> different salts. So either separate tables could be prepared, or just
> one table for a random salt would be ok to be able to crack a few hashes
> to uncover missing patterns.
>
> For a few descrypt hashes I might want to prepare a RT like full 7-bit
> byte x 5 positions, so I would be able to run it and say: ok, remaining
> passwords are longer than 5 chars and I don't miss utf-8 in short
> passwords.
>

descrypt is indeed an interesting "middle ground" case - perhaps one of the
only mainstream cases in which exhausting the "salt space" might prove
interesting.

A while back, I did some crude caching of all descrypt salts for targeted
terms here:

https://github.com/roycewilliams/kens-salty-rainbow

And yes, I'm deliberately making ironic use of the word "rainbow" here. :D

Royce

Content of type "text/html" skipped

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.