11-03-2012, 08:30 PM
Thanks for your response. I am beginning to better understand how markov-chain (Brute-Force++) works. Can I explain how I think it works to see if I have it right:
1) hcstat file is created with statsprocessor by using a corpus of words.
2) For up to 15 positions, statsprocessor goes through the corpus and determines the frequency of each character for each position. [And does it also consider the character in the prior position?]
3) The result is a rank-ordering of character frequency by position.
4) The default hcstat file is hashcat.hcstat, which was created from the rockyou password file.
5) When hashcat uses any mask-type attack, it goes through the key-space in the order determined by hcstat file, i.e., for each position, it starts with the most frequent character.
6) If a threshold parameter is given, then the chain is truncated for each position to that length, i.e., for -t 10, only the 10 most frequent characters by position are considered.
7) Unless a threshold parameter is specified (or it is -t 0), the maximum size of the key-space is the (mask-length) ^ (#-of-characters used by statsprocessor). For example, if -1 ?l?u was used by statsprocessor and the mask-length used by hashcast was 11, then max-key-space = 11^26.
8) If a threshold parameter is specified, then the max-key-space is (mask-length) ^ (t). For the example above, if a -t 8 is specified, then the max-key-space = 11^8.
By no means am I sure all that this is correct, but it is my working model and if I am wrong, I would appreciate the community's feedback.
Thanks.
1) hcstat file is created with statsprocessor by using a corpus of words.
2) For up to 15 positions, statsprocessor goes through the corpus and determines the frequency of each character for each position. [And does it also consider the character in the prior position?]
3) The result is a rank-ordering of character frequency by position.
4) The default hcstat file is hashcat.hcstat, which was created from the rockyou password file.
5) When hashcat uses any mask-type attack, it goes through the key-space in the order determined by hcstat file, i.e., for each position, it starts with the most frequent character.
6) If a threshold parameter is given, then the chain is truncated for each position to that length, i.e., for -t 10, only the 10 most frequent characters by position are considered.
7) Unless a threshold parameter is specified (or it is -t 0), the maximum size of the key-space is the (mask-length) ^ (#-of-characters used by statsprocessor). For example, if -1 ?l?u was used by statsprocessor and the mask-length used by hashcast was 11, then max-key-space = 11^26.
8) If a threshold parameter is specified, then the max-key-space is (mask-length) ^ (t). For the example above, if a -t 8 is specified, then the max-key-space = 11^8.
By no means am I sure all that this is correct, but it is my working model and if I am wrong, I would appreciate the community's feedback.
Thanks.