Comments on UNHash talk at 31c3 - atom - 12-30-2014
For those who haven't seen it, here's a link to the talk:
http://mirror.netcologne.de/CCC/congress/2014/h264-hd/31c3-5966-en-de-UNHash_-_Methods_for_better_password_cracking_hd.mp4
My comments on this:
- The first 10 minutes is mostly about default password stuff
- Default password stuff is mostly interesting for pentesters, not so much for forensics
- UNHash-specific background seems to start at ~ 10:20
- I disagree, you can't crack (preimage) MD5 with only pen and paper (10:48)
- Agree, don't use brute-force for slow hashes (11:15)
- How can you crack passphrases? Easy, with PRINCE (11:39)
- UNHash introduces new rule syntax (11:46)
- A candidate generator should be able to produce non-English passwords, too (12:45)
- Agree, machine learning algorithms will fail for passwords (13:26)
- Postgres involved in this?! For large wordlists > 100 billion this probably will fail (14:56)
- Writing a classifier is bad as it takes time and personnel that know about syntax (17:30)
- My gut feeling tells me problems with escaping are preprogrammed (18:00)
- There's no specific benefit for UNHash to use any wordlists you like. That's true for nearly all candidate generators (hashcat, prince, jtr, ...) (20:15)
- It would be interesting to know how fast UNHash can produce new candidates as this is one of the most important factors in password cracking (21:00)
- Author announced details about comparison but either he didn't do it or I missed it (21:21)
- Measurement of guessing efficiency is still not standardized, but it's obvious it will go more into the guesses/cracks direction than it goes into time/cracks as this will work for all algorithms
My impression is that UNHash is near to tools like wordhound, they could be called preprocessors.
I somehow missed the link how the talk on default passwords at the start is related to UNHash.
RE: Comments on UNHash talk at 31c3 - Mem5 - 12-30-2014
Thanks!
The audio on the video you gave is in German :/
RE: Comments on UNHash talk at 31c3 - forumhero - 01-05-2015
Here's the English version
https://www.youtube.com/watch?v=_w1vaVNj8fc