|
Message-ID: <CA+E3k90tGFpa=QFtJGfSVu0HW3kRvMQsBESTzjKAteAGhH3M_g@mail.gmail.com> Date: Wed, 2 Sep 2015 20:53:24 -0800 From: Royce Williams <royce@...ho.org> To: john-users@...ts.openwall.com Subject: Re: Anyone looked at the Ashley Madison data yet? On Wed, Sep 2, 2015 at 8:40 PM, JimF <jfoug@....net> wrote: > By far the best method of attack on a wordlist that is this extensive is to use a sniper > method, that targets each specific hash using only information known about that > hash (such as the user id, email, zip code, phone number, etc). That type of pinpoint > accurate attack will crack a very surprising number. Then a 2nd method still is very > targeted, is to search using ONLY the absolute best words possible against all hashes, > just a minimal amount of words at a time. The minimal amount is the minimum that > the software can test at one time using the current CPU (or GPU). Hopefully that number > can be small (such as 3). 3 words tested against the entire set of hashes is about > 500 hours (at 60/s) or about 20 days. Reading this gave me an idea. For very slow hashes, a "state table" -- of which words have been tried against which hashes -- would be pretty useful. A generic framework for that would be neat. Royce
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.