01-27-2013, 06:35 AM
Thank you atom. I wasn't trying to bump that old thread back up, it's just that it laid fallow for a couple days before I read it. I thought this paper might be appropriate to the discussion but I'm happy to have it posted wherever you like. Thank you for not deleting it!
I don't know which of your tools Ashwini tested with. I believe when she was referring to "Hashcat" she was probably talking about the entire suite of tools. It's not clear from the paper what results they got with anything other than JTR. No mention of a length limitation was made and I didn't even see any mention of the hash type so they may have simply done simple MD5 tests to come to their research conclusions. They may also have just stuck with CPU tests rather than GPU because they didn't actually need to break the passphrases, they just needed to understand how one MIGHT go about trying.
As I said, the paper certainly wasn't just about length (in one spot they point out that longer is NOT always better) it was more about the structure of long passwords. Kind of drawing the correlation to words that Markov chains have to characters.
Anyway, food for thought....
Thanks.
I don't know which of your tools Ashwini tested with. I believe when she was referring to "Hashcat" she was probably talking about the entire suite of tools. It's not clear from the paper what results they got with anything other than JTR. No mention of a length limitation was made and I didn't even see any mention of the hash type so they may have simply done simple MD5 tests to come to their research conclusions. They may also have just stuck with CPU tests rather than GPU because they didn't actually need to break the passphrases, they just needed to understand how one MIGHT go about trying.
As I said, the paper certainly wasn't just about length (in one spot they point out that longer is NOT always better) it was more about the structure of long passwords. Kind of drawing the correlation to words that Markov chains have to characters.
Anyway, food for thought....
Thanks.