09-10-2011, 01:27 AM
I wanted the "expander" in order to try out the procedure shown on http://www.question-defense.com/2010/08/...int-attack
The author states this is an effective method, but it seems weak.
Whereas oclHashcat has the notion of left and right sides, essentially signifying "prefix" and "suffix" halves of a potential password, the expander simply outputs every permutation of every dictionary word.
To me a much better technique would be to process every dictionary word looking for potential prefixes and suffixes, rank them, then output the "best" n candidates for input into oclHashcat.
I went ahead and did this in Java (only took a couple of hours), and the results look very promising.
Unfortunately I'm unable to properly benchmark this because my test hash type is descrypt, and descrypt is not supported in oclHashcat (it is supported in the other two flavors...). So it will have to just look promising for the time being.
I'll make you a trade - If you add support for descrypt into oclHashcat, I'll post the source code!
The author states this is an effective method, but it seems weak.
Whereas oclHashcat has the notion of left and right sides, essentially signifying "prefix" and "suffix" halves of a potential password, the expander simply outputs every permutation of every dictionary word.
To me a much better technique would be to process every dictionary word looking for potential prefixes and suffixes, rank them, then output the "best" n candidates for input into oclHashcat.
I went ahead and did this in Java (only took a couple of hours), and the results look very promising.
Unfortunately I'm unable to properly benchmark this because my test hash type is descrypt, and descrypt is not supported in oclHashcat (it is supported in the other two flavors...). So it will have to just look promising for the time being.
I'll make you a trade - If you add support for descrypt into oclHashcat, I'll post the source code!