Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20210502213855.GA4572@openwall.com>
Date: Sun, 2 May 2021 23:38:55 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: source of information for John's charset files

On Sun, May 02, 2021 at 11:21:34PM +0200, Solar Designer wrote:
> Anyway, I just ran some tests the other way around - "cracking" RockYou
> passwords.  I didn't try excluding RockYou itself from the training sets
> here - can't do that while including our current .chr files in the
> comparison.  So this is in-sample testing, which is generally a wrong
> thing to do, but with that in mind here are the results for different
> training sets (all are for incremental mode and 1 billion candidates):
> 
> RockYou with dupes - 20.2%
> RockYou unique - 21.9%
> HIBPv7 cracked - 17.9%
> 
> The percentages cracked are those of RockYou unique.
> 
> Not surprisingly, RockYou is best fit for itself.  HIBP is an acceptable
> fit as well.  It could have potentially performed better than RockYou
> on this test due to its larger size, but as we can see that was not
> enough to overcome it not being such a perfect fit as RockYou itself.

FWIW, RockYou unique being best fit for itself persists after I shuffled
it and split it into a 1M test set and 13.3M training set (no matching
passwords in the sets, but both sets are parts of RockYou).  Got 21.5%.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.