I started off with two rules. One comes with oclHashcat - the other I wrote myself. I then compiled a
huge list of MD5 hashes from the InsidePro forums to use as my target/testing hash list.
For the base dictionary, I merged the rockyou dictionary with the passwords from the recent 10 million combo leak, then sorted the result and removed dupes. The final dictionary can be downloaded
here for the curious.
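For what it's worth, that merge is just standard command-line plumbing. A minimal sketch, assuming the combo leak has already been stripped down to a passwords-only file (both file names here are made up):
Code:
$ cat rockyou.txt 10m_passwords.txt | sort -u > final.dic
sort -u handles both the sorting and the dupe removal in one pass.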
I ran my two rules against these hashes with this dictionary, and these were the results:
Code:
passwordspro.rule (~3300 rules) - 42.52%
tony.rule (~5500 rules) - 49.44%
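For reference, each of those runs is just a straight dictionary + rules attack against raw MD5, along the lines of the following (hash list and dictionary names are placeholders, and the binary name depends on your oclHashcat version):
Code:
$ ./oclHashcat64.bin -m 0 -a 0 insidepro_md5.lst final.dic -r rules/passwordspro.rule -o found.txt
$ ./oclHashcat64.bin -m 0 -a 0 insidepro_md5.lst final.dic -r tony.rule -o found.txt
-m 0 selects MD5, -a 0 is the straight (dictionary) attack mode, and -r applies the rule file to every candidate word.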
I output all rules that had a match into a file called match.rule. I then sorted
this file by occurrence and made the following rule sets out of it. The different sizes can
be useful if time is of the essence and/or the hashing algorithm is slow. You could also just
head however many rules you want from top_5000.rule instead.
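The per-crack rules presumably come out of oclHashcat's --debug-mode=1 / --debug-file options, which log the rule that produced each found plaintext; sorting that log by frequency and heading it is then a couple of one-liners. A sketch with the same assumed file names as above:
Code:
$ ./oclHashcat64.bin -m 0 -a 0 insidepro_md5.lst final.dic -r tony.rule --debug-mode=1 --debug-file=match.rule
$ sort match.rule | uniq -c | sort -rn | sed 's/^ *[0-9]* //' | head -n 5000 > top_5000.rule
$ head -n 250 top_5000.rule > top_250.rule
The sed just strips the occurrence counts that uniq -c prepends, so only the rules themselves end up in the output files.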
I did some testing on the same list, and these were the results:
Code:
no rules - 14.67% found
best 64 - 17.71% found
top_250.rule - 36.14% found
top_500.rule - 39.64% found
top_750.rule - 41.91% found
top_1500.rule - 45.76% found
top_3000.rule - 48.77% found
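Each of those numbers is just a rerun of the same attack with the corresponding rule file swapped in, e.g. something like:
Code:
$ for n in 250 500 750 1500 3000; do ./oclHashcat64.bin -m 0 -a 0 insidepro_md5.lst final.dic -r top_${n}.rule; done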
I realize that the rule set will be somewhat biased towards this specific list, since it was created
from passwords found in this very list. So, for further testing, I compiled a list of 1 million hashes
using random passwords from a totally separate HQ cleartext (not cracked!) password leak:
Code:
$ shuf ***.dic | head -n1000000 > random.dic   # 1 million random plaintexts from the separate leak
$ ./md5gen random.dic > random.lst             # hash them to MD5 to build the test list
These were the results:
Code:
no rules - 8.23% found
best 64 - 31.42% found
top_250.rule - 42.97% found
top_500.rule - 48.16% found
top_750.rule - 50.97% found
top_1500.rule - 55.80% found
top_3000.rule - 60.59% found
The rules can be downloaded here.