07-02-2012, 02:17 PM
atom;
Did my very first run of hcstat & statsprocessor, and I have my first question / feature request for you:
I'd like some way to actually see the per-position stats in readable text. I wonder if this could be visualized in some easy way?
My presentation from Passwords^11 (http://www.slideshare.net/perthorsheim/b...statistics), slide number 13, show per-position entropy - or simply number of unique characters per position. The pattern seem to repeat across multiple datasets, although they are all LM/NTLM sets from domains with enforced complexity rules.
My colleague @KluZz (Jan Fredrik Leversund) also made me some code to simply output a table showing number of occurences per character per position, as I've written about before.
--
A next evolution to this would of course be to either develop or grab existing code that gives us stats on 'which word usually comes after word x', where we analyze either passphrases or plain language from books etc, to enable cracking of long pass phrases. With/out using rules for adjusting to complexity and/or mangling rules, Re:http://securitynirvana.blogspot.no/2012/05/challenge-received.html (which remains uncracked. Unsalted MD5, length 16-24....)
Did my very first run of hcstat & statsprocessor, and I have my first question / feature request for you:
I'd like some way to actually see the per-position stats in readable text. I wonder if this could be visualized in some easy way?
My presentation from Passwords^11 (http://www.slideshare.net/perthorsheim/b...statistics), slide number 13, show per-position entropy - or simply number of unique characters per position. The pattern seem to repeat across multiple datasets, although they are all LM/NTLM sets from domains with enforced complexity rules.
My colleague @KluZz (Jan Fredrik Leversund) also made me some code to simply output a table showing number of occurences per character per position, as I've written about before.
--
A next evolution to this would of course be to either develop or grab existing code that gives us stats on 'which word usually comes after word x', where we analyze either passphrases or plain language from books etc, to enable cracking of long pass phrases. With/out using rules for adjusting to complexity and/or mangling rules, Re:http://securitynirvana.blogspot.no/2012/05/challenge-received.html (which remains uncracked. Unsalted MD5, length 16-24....)