06-11-2010, 08:20 AM
phrst Wrote:Here are my thoughts on this subject.
From what I gather the -l value works like this:
If I set -l 1000, it does not mean that it will test 1000 strings. Rather it will test 1000*(combinations in the right mask) strings. So
-l 1000 ?l?l?l?l ?l?l
will search 1000*25*25 strings before stopping.
I haven't found this documented anywhere, but from playing with the commands this is what it looks like.
This means that the more combinations you have in the right mask, the less granularity the -l option gives you. With a right mask of ?l?l?l?l?l, you can only set the limit to multiples of 9765625.
that is correct, both! making -s more precise is listed in my todo.txt. maybe this is possible for -l, too.
phrst Wrote:In the docs you recommend using a left mask of length 4. But going by this heuristic, the longer the string I want to bruteforce the longer the right mask will be. But this also increases the smallest size of the limit we can set (particularly since any -l value of less than 65536 seems to reduce my total speed by at least 25%).
For the things I'm working on I need to partition the search spaces. But the above problems make the -s and -l options pretty useless for me. So I think I will try to partitioning the search spaces manually through the masks, this:
?l?l?l?l ?l?l?la
?l?l?l?l ?l?l?lb
...
?l?l?l?l ?l?l?lz
and so on. Since this seems to have lower impact on performance.
oh no, this is just a recommendation for best performance. it is not a requirement. you can of course set a mask to the length 5, 6 or 7. best left side lengths are 4, 8 and 12. setting it to 8 sometimes is better than 4. but dont make right side to small. btw, nice workaround, should work.