Compare and contrast Passcape's rules
#1
As I've mentioned before, I look at the world of file password recovery software, to get ideas of what else is going on out there, with word lists and rules. Those programs don't have 15 character limitations, and make working with multiple word lists easy, for example. They are also all commerical, and typically Russian.

But, trial versions are usually available, and can be broken out by UniExtract, to just look at the help files, word lists, and rules, if one doesn't want to bother with actually installing them.

A relatively new entry to the field are the Office password recovery programs by Passcape Software, at http://www.passcape.com/office_passwords

They have a john-like language, which I haven't compared to hashcat yet, but while most companies either have just a few sample rules, or a few KoreLogic rules, those Passcape's programs have 100,000 lines of rules. D3ad0ne's V2.1 rules distributed with hashcat have 35,000 lines. The more approachable KoreLogic rules for hashcat have around 200,000 lines while the more exotic, like KoreLogicRulesAppendNumbers_or_Specials_PrependLetter.rule alone has over 1,000,000 (one million) lines.

I'm not going to have the time to compare and contrast Passcape's rules to those known for hashcats, for a while, so am asking here, in case anyone else is interested. (E.g., are these simply a subset of KoreLogic's rules or unrelated? Are D3ad0ne's rules in there, without attribution? Or, are they unrelated? Are they any "good"? Etc.)
#2
Passware uses Korelogic's rules, they were released to the public, you know.
#3
http://contest-2012.korelogic.com/faq.html

Can I get a copy of KoreLogic's password cracking rules? Are there any restrictions on their use?

Anyone may download the rules and wordlists from past years' contest sites; 2012's will be published after August 1, 2012. They are free for use by individuals or corporations for their own internal use, or for use in providing general security or IT consulting services. An important restriction is that if you use these rules in a commercial password cracking product, software, or service, KoreLogic must be credited as the provider of the rules. (Contact us if you would like to discuss alternate licensing options.)
#4
Yeah.
#5
Passware openly and properly uses KoreLogic rules, but I'm asking about Passcape.
#6
In that case, no idea really.
I can ask the guy.
#7
Also, KoreLogicRulesAppendNumbers_or_Specials_PrependLetter.rule sounds useless for oclHashcat, we use hybrid attack for such attacks!
#8
Along with re-working the KoreLogic rules for oclHashcat-plus, I'm also splitting other's rules, like Passcape's and D3ad0ne's into separate CPU and GPU rule files.

In other words, I run the original rule file on oclHashcat-plus just to get the list of rejected rules, which then becomes the CPU rules file, and then removing them from the original to get what becomes the GPU rules file.

The CPU rules get run on hashcat, and the GPU rules get run on oclHashcat-plus, so all of the rules are run, but getting the speed advantage of 'plus.
#9
Passcape's rules have found passwords where D3ad0ne's and the subset of KoreLogic rules I run haven't.