04-29-2017, 11:00 PM

I'd like to reduce the storage footprint of generating large wordlists so I started reading about Markov. As I understand from this post, a Markov attack will result in essentially the same amount of hashes attempted when I run hastcat64.bin it just does so faster from statistical analysis of a character at each position.

My summarization might not be spot on but it's close enough, I think.

If the above is true, taking into account that I'm trying to generate large wordlists with a smaller size, would Markov help me accomplish this or am I totally off base on my thinking?

If Markov won't help, other than compression of course, what tools might me available to me?

I'm also considering running some numbers to see how much of a storage impact holding my list's in MySQL with compression enabled via baracuda would have and if it would have any major performance implications.

FWIW I'd consider a ~= -10% performance hit to hashcat as a no-go. Though one could argue this can be recouped with RAID and a direct Ethernet connection.

Quote:To make this very clear: markov doesn't change the overall number of hashes you will crack (it will be always the same amount). Instead, what changes is that with markov the likelihood/probability that you crack a password faster (because of the markov model = probability of each character depending on its position) will increase. General speaking, it's as simple as this (there is no real magic behind it).

My summarization might not be spot on but it's close enough, I think.

If the above is true, taking into account that I'm trying to generate large wordlists with a smaller size, would Markov help me accomplish this or am I totally off base on my thinking?

If Markov won't help, other than compression of course, what tools might me available to me?

I'm also considering running some numbers to see how much of a storage impact holding my list's in MySQL with compression enabled via baracuda would have and if it would have any major performance implications.

FWIW I'd consider a ~= -10% performance hit to hashcat as a no-go. Though one could argue this can be recouped with RAID and a direct Ethernet connection.