hashcat Forum
Compare and contrast Passcape's rules - Printable Version




Compare and contrast Passcape's rules - Kgx Pnqvhm - 08-11-2013

As I've mentioned before, I look at the world of file password recovery software, to get ideas of what else is going on out there, with word lists and rules. Those programs don't have 15 character limitations, and make working with multiple word lists easy, for example. They are also all commercial, and typically Russian.

But, trial versions are usually available, and can be broken out by UniExtract, to just look at the help files, word lists, and rules, if one doesn't want to bother with actually installing them.

A relatively new entry to the field are the Office password recovery programs by Passcape Software, at http://www.passcape.com/office_passwords

They have a john-like language, which I haven't compared to hashcat yet, but while most companies either have just a few sample rules, or a few KoreLogic rules, those Passcape programs have 100,000 lines of rules. D3ad0ne's V2.1 rules distributed with hashcat have 35,000 lines. The more approachable KoreLogic rules for hashcat have around 200,000 lines while the more exotic, like KoreLogicRulesAppendNumbers_or_Specials_PrependLetter.rule alone has over 1,000,000 (one million) lines.

I'm not going to have the time to compare and contrast Passcape's rules to those known for hashcat, for a while, so am asking here, in case anyone else is interested. (E.g., are these simply a subset of KoreLogic's rules or unrelated? Are D3ad0ne's rules in there, without attribution? Or, are they unrelated? Are they any "good"? Etc.)


RE: Compare and contrast Passcape's rules - Rolf - 08-11-2013

Passware uses KoreLogic's rules, they were released to the public, you know.


RE: Compare and contrast Passcape's rules - Kgx Pnqvhm - 08-11-2013

http://contest-2012.korelogic.com/faq.html

Can I get a copy of KoreLogic's password cracking rules? Are there any restrictions on their use?

Anyone may download the rules and wordlists from past years' contest sites; 2012's will be published after August 1, 2012. They are free for use by individuals or corporations for their own internal use, or for use in providing general security or IT consulting services. An important restriction is that if you use these rules in a commercial password cracking product, software, or service, KoreLogic must be credited as the provider of the rules. (Contact us if you would like to discuss alternate licensing options.)


RE: Compare and contrast Passcape's rules - Rolf - 08-11-2013

Yeah.


RE: Compare and contrast Passcape's rules - Kgx Pnqvhm - 08-11-2013

Passware openly and properly uses KoreLogic rules, but I'm asking about Passcape.


RE: Compare and contrast Passcape's rules - Rolf - 08-11-2013

In that case, no idea really.
I can ask the guy.


RE: Compare and contrast Passcape's rules - atom - 08-12-2013

Also, KoreLogicRulesAppendNumbers_or_Specials_PrependLetter.rule sounds useless for oclHashcat, we use hybrid attack for such attacks!


RE: Compare and contrast Passcape's rules - Kgx Pnqvhm - 08-17-2013

Along with re-working the KoreLogic rules for oclHashcat-plus, I'm also splitting others' rules, like Passcape's and D3ad0ne's, into separate CPU and GPU rule files.

In other words, I run the original rule file on oclHashcat-plus just to get the list of rejected rules, which then becomes the CPU rules file, and then remove them from the original to get what becomes the GPU rules file.

The CPU rules get run on hashcat, and the GPU rules get run on oclHashcat-plus, so all of the rules are run, but getting the speed advantage of 'plus.
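
Added example (not part of the original post, and not hashcat project code): one way to do the CPU/GPU split described in the post above, assuming the rejected rules have already been collected into a plain list, one rule per line. The function names and the sample rule lines are constructed for illustration; which rules a given oclHashcat-plus build rejects is not taken from the thread.

```python
def rule_lines(lines):
    """Yield rule lines in order, skipping blank lines and '#' comments.

    Only the line ending is stripped: a trailing space can be a rule
    argument (for example "$ " appends a space), so it has to survive.
    """
    for raw in lines:
        rule = raw.rstrip("\r\n")
        if rule.strip() and not rule.startswith("#"):
            yield rule


def split_rules(original, rejected):
    """Return (gpu_rules, cpu_rules, unmatched_rejects).

    cpu_rules: rules from the original that appear in the rejected list.
    gpu_rules: everything else, in the original order.
    unmatched_rejects: rejected lines never seen in the original, which
    means the two inputs do not belong together or were reformatted.
    """
    reject_set = set(rule_lines(rejected))
    gpu, cpu, seen = [], [], set()
    for rule in rule_lines(original):
        if rule in seen:  # keep only the first copy of a duplicate rule
            continue
        seen.add(rule)
        (cpu if rule in reject_set else gpu).append(rule)
    return gpu, cpu, sorted(reject_set - seen)


# CONSTRUCTED sample input: a small rule file and a pretend reject list.
ORIGINAL = ["# sample rules\n", ":\n", "l\n", "$ \n", "c $1\n",
            "\n", "l\n", "X012\n", "sa@ M\n"]
REJECTED = ["X012\n", "sa@ M\n", "Z9\n"]

if __name__ == "__main__":
    gpu, cpu, unmatched = split_rules(ORIGINAL, REJECTED)
    print("GPU rules:", gpu)
    print("CPU rules:", cpu)
    print("Rejected but not in original:", unmatched)
```

A non-empty third list is the check worth keeping: it shows the reject list was produced from a different or re-edited rule file, so some rules would silently end up in neither run.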


RE: Compare and contrast Passcape's rules - Kgx Pnqvhm - 08-18-2013

Passcape's rules have found passwords where D3ad0ne's and the subset of KoreLogic rules I run haven't.