|
Message-ID: <20070103195351.927136.d1a052ab@gmail.com> Date: Wed, 3 Jan 2007 19:53:51 +0100 From: websiteaccess <websiteaccess@...il.com> To: john-users@...ts.openwall.com Subject: Incremental mode VS specific rules mode Hi, This is the question of the day. What is more efficient: Incremental alpha mode (-i:alpha) or -rules for cracking large amount of HASHED ? ------ GOOD/BAD for incremental mode ----- GOOD : incremental mode crack really fastly little words (with 6, 7 characters) GOOD : no writing of boring rules BAD: incremental test all possibility ! Even with a to z, it can take really long time (especially for passwords with more than 10 characters) ------ GOOD/BAD for rules mode ----- GOOD : the rules are powerfull. GOOD : with rules we can test only highly probably possible passwords (with some variations). GOOD : can test passwords more than 8 letters BAD : we have to write rules :( sometimes really boring. In this project I test my own new rules based on statistics frequencies letters (each language has his own frequency). I do test with raw-md5 hashes (allow passwords with more than 8 letters). NOTE: JTR with incremental is not able (with the basic JTR) cracking words longer than 8 letters, with my rules there is no limit (12 or 13 letters seems already strong password). My rules are specific for french passwords. I will do others rules for others language if needed. Of course, my actual rules can crack non-french words, but, there are more powerfull with french words. I have tested in first -i:alpha with a 2128 hashes, then the same hashes with my rules. In 2128 hashes, may be (and surely) there is a lot of passwords composed with (only may be) digits. These hashes will not be volontary cracked. I only test my rules contains only alpha (a to z), and incremental mode (-i:alpha) will use only a to z (not A-Z or/and 0-9). In this way, we can compare the same jobs. My project was do rules for crack maximum hashes in a minimum time. I give you some results, let's compare : p a s s w o r d s f o u n d w i t h length words ∙ MODE -i:alph ∙ mode -rules ------------------------------------------------ 12 ∙ 0(*) ∙ 0 11 ∙ 0(*) ∙ 1 10 ∙ 0(*) ∙ 10 9 ∙ 0(*) ∙ 34 8 ∙ 82 ∙ 135 7 ∙ 166 ∙ 173 6 ∙ 392 ∙ 341 5 ∙ 64 ∙ 61 4 ∙ 49 ∙ 47 3 ∙ 8 ∙ 0(**) ------------------------------------------------ ∙ 761 ∙ 802 ------------------------------------------------ time ∙ 12 h 06 ∙ 9 h 02 elapsed ∙ (still cracking) ∙ (100% done) ------------------------------------------------ (*) incremental mode, can't crack passwords with more 8 letters (**) rules are not configured for cracking words less 4 letters. Finally, it seems rules crack more passwords in less time. "Rules mode" has cracked 45 words with more 8 letters (hardest to crack) in less time than incremental mode (- 3h04mn) Hope this test can be usefull for someone. -- Websiteacces -- -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.