Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <023b01cdc2d4$1afc9ab0$50f5d010$@edu>
Date: Wed, 14 Nov 2012 20:54:09 -0500
From: "Matt Weir" <cweir@...edu>
To: <john-users@...ts.openwall.com>
Subject: RE: How does incremental mode works?

>> It would be interesting to (also) compare Markov and Incremental when
trained from the exact same dataset. 
>> Incremental should be better then, getting rid of more candidates early
on.

Here you go. I wrote this up a couple of years ago so some of the
statements, (such as Markov mode causing segfaults), no longer are true but
the head to head comparisons between Markov and Incremental modes should
still be accurate unless Solar updated Incremental since then.

http://reusablesec.blogspot.com/2009/11/analysis-of-10k-hotmail-passwords-pa
rt.html

http://reusablesec.blogspot.com/2010/01/analysis-of-10k-hotmail-passwords-pa
rt.html

I admit, I still tend to favor Incremental mode simply because I'm normally
too lazy to calculate how long I want it to run and I don't want to check in
on it every day to see if I need to restart a session with a different
bottom/top probability limit. Yes, I could script something to automatically
do that for me, but let me refer to my lazy comment again ;p

Last night I started to do a similar comparison between JtR's bruteforce
modes and Hashcat's Bruteforce++ mode but who knows if I'll ever get around
to finishing that comparison... As a quick overview Hashcat's
statsprocesser, (which is used in Bruteforce++) started out, (aka back in
version 0.01), resembling JtR's Markov mode, but the current version is much
more like Incremental mode. I don't know the under the hood mechanisms of
exactly how it generates its guesses though. 

This is probably a good time to say that you can use JtR's modes with
Hashcat and Hashcat's modes with JtR. Aka both JtR and Hashcat allow you to
pipe in guesses from other programs. JtR allows you to pipe out guesses
directly (using the -stdout option), and Hashcat has the statsprocesser
program which you can use. BTW the filter overlay in statsprocessor is
*really* nice as it makes it much easier when cracking hashes where there's
password creation requirements, (aka must have at least one uppercase
character).

Matt

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.