best64.rule contest
#31
Quote: However, we might just get a ruleset highly specific to the wordlist used.

That's a nice idea I had not thought of before. The problem I see with this is that everyone has their own "primary" wordlist, I think, and they are all different from each other. It would require something like rockyou.txt, something that everyone has, but then this wouldn't be my first choice when it comes to hard hashes.
Reply
#32
My hope about the contest is that we find the most generally used rules that we can use in cracking slow hashes.
Reply
#33
I call Best32, Best64 and Best128
Reply
#34
(04-25-2015, 07:28 PM)Repentance Wrote: I call Best32, Best64 and Best128

That's one possibility. We can also make a Best128 and sort by efficiency, so one can head -XXX the file and take the number he wants.
Reply
#35
I thought again about the contest and the idea behind it. The way we think atm, the approach we are using atm, also has a major disadvantage. If we agree on what our goal is with this contest, to find the most efficient rules to crack slow hash types like TrueCrypt, we should think differently.

Because sometimes we find different rules to be more efficient than others based on the target hash. Basically this is the idea of PRINCE, but we can try to do something like this with rules, too. However, we need to create target classes. So, instead of a count, we fix it to some size (like 128) and add the target, like:
  • best_truecrypt.rule
  • best_chinese.rule
  • best_admin.rule
  • best_financial.rule
  • best_nazi.rule

For the above rules I can assure you those "targets" would have different best32 rulesets.

And don't get confused by it. For example, while adding a hash type like TrueCrypt to a target class is basically a bad idea, this is just a politically correct substitution for a ruleset targeting people trying to hide data on that TrueCrypt volume. Also, the reason I put up a Chinese target is not because my goal is to crack Chinese hashes; it's just that, from my experience, people from China are using pure numbers, long numbers, as their password. That has something to do with their keyboard input.

While this type of ruleset is not so common, it's basically what people need.
Reply