Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20150106073454.GA27627@openwall.com>
Date: Tue, 6 Jan 2015 10:34:54 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: PRINCE approach from hashcat

On Mon, Jan 05, 2015 at 01:21:34PM -0500, Matt Weir wrote:
> I ran some tests with PRINCE and posted the results here:
> http://reusablesec.blogspot.com/2014/12/tool-deep-dive-prince.html. I need
> to model a longer cracking session but I was pleasantly surprised with how
> well it did.

Thanks!  Your "Experiment 3) PRINCE and JtR Wordlist + Incremental mode
targeting the MySpace list" is interesting and relevant.  PRINCE does
perform surprisingly well there.  Something to note, however, is that
per atom's Passwords14 talk, PRINCE is intended for slow hashes, whereas
per your test results it performed slightly worse than JtR incremental
during the first 1 billion guesses (which is often more than would be
tested against slow hashes in a non-targeted attack).  It did crack 1.5%
more of the passwords than JtR's incremental by 10 billion guesses.  So
it appears to be a good thing to have in the arsenal, but not exactly a
slow hash focused mode.  In fact, zoom-ins for first 1 billion and first
100M guesses would be interesting to see.  (Less than 100M would be
interesting too, but then you'd need to perform extra test runs with
less wordlist pre-cracking, because it's kind of pointless to compare
PRINCE vs. incremental at less than 100M when you pre-crack ~100M with a
wordlist.  To simulate attacks on slow hashes, the amounts of
pre-cracking and PRINCE/incremental need to stay sane with respect to
each other.)

I am also curious about the lengths distribution among cracked
passwords.  I guess with PRINCE the average cracked password length is
higher than with JtR's incremental.  Is this so?  Especially if you
exclude the wordlist pre-cracked passwords from the length statistics.

Then, what's the total percentage of passwords cracked by PRINCE and
JtR's incremental combined?  You got PRINCE to 72.5% and incremental to
71%, but if you combine the two at the 10 billion mark, would you get
e.g. 75%?  What about 5 billion mark (so 10 billion total for both, thus
comparable to the end results for the two modes individually)?

Finally, you write: "JtR Incremental=UTF8, (equivalent to "ALL" in the
older version of JtR)".  I think the equivalent to 1.7.9's "All" is
1.8's "ASCII", not 1.8-jumbo's "UTF8".  I don't know if this affected
your results significantly (and how) or not.  I'd be curious to know the
answer to that: if "UTF8" performs better than "ASCII" on your test,
maybe we'd want to make it the default in jumbo.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.