Markov Chains and hashcat.hcstat File
Thanks for your response. I am beginning to better understand how markov-chain (Brute-Force++) works. Can I explain how I think it works to see if I have it right:

1) hcstat file is created with statsprocessor by using a corpus of words.

2) For up to 15 positions, statsprocessor goes through the corpus and determines the frequency of each character for each position. [And does it also consider the character in the prior position?]

3) The result is a rank-ordering of character frequency by position.

4) The default hcstat file is hashcat.hcstat, which was created from the rockyou password file.

5) When hashcat uses any mask-type attack, it goes through the key-space in the order determined by hcstat file, i.e., for each position, it starts with the most frequent character.

6) If a threshold parameter is given, then the chain is truncated for each position to that length, i.e., for -t 10, only the 10 most frequent characters by position are considered.

7) Unless a threshold parameter is specified (or it is -t 0), the maximum size of the key-space is the (mask-length) ^ (#-of-characters used by statsprocessor). For example, if -1 ?l?u was used by statsprocessor and the mask-length used by hashcast was 11, then max-key-space = 11^26.

8) If a threshold parameter is specified, then the max-key-space is (mask-length) ^ (t). For the example above, if a -t 8 is specified, then the max-key-space = 11^8.

By no means am I sure all that this is correct, but it is my working model and if I am wrong, I would appreciate the community's feedback.


Messages In This Thread
RE: Markov Chains and hashcat.hcstat File - by chicago-guy - 11-03-2012, 08:30 PM