05-30-2010, 12:36 PM
I'm brand new to oclhashcat, but it looks really powerful compared to the existing gpu crackers out there, especially with the dictionary/hybrid attacks thrown in.
In general i see better (higher) entropy in position 2, 3 and 4 of passwords than in position 1. If the usual complexity requirements exists (Windows; 3 of 4 character groups), maybe 50% will have first character uppercase letter, than 5-7 lowercase, and then either 2 or 4 digits at the end (date/age/year in XX or XXXX format...)
Could per position charset support be implemented in some way, in order to do smarter "bruteforcing", leaving out lots of the not-so-common combinations?
Best regards,
Per Thorsheim
securitynirvana.blogspot.com
In general i see better (higher) entropy in position 2, 3 and 4 of passwords than in position 1. If the usual complexity requirements exists (Windows; 3 of 4 character groups), maybe 50% will have first character uppercase letter, than 5-7 lowercase, and then either 2 or 4 digits at the end (date/age/year in XX or XXXX format...)
Could per position charset support be implemented in some way, in order to do smarter "bruteforcing", leaving out lots of the not-so-common combinations?
Best regards,
Per Thorsheim
securitynirvana.blogspot.com