Discussion:
[john-users] Markov mode and number of guess
Matlink
2018-01-30 16:09:15 UTC
Permalink
Hello everyone,

is it easy to ask, in --markov mode, JTR to output at least N words,
according to a .stats file created with calc_stat?

Thanks,
--
Matlink - Sysadmin matlink.fr
Sortez couverts, chiffrez vos mails : https://café-vie-privée.fr/
XMPP/Jabber : ***@matlink.fr
Clé publique PGP : 0x186BB3CA
Empreinte Off-the-record : 572174BF 6983EA74 91417CA7 705ED899 DE9D05B2
Solar Designer
2018-02-02 20:16:07 UTC
Permalink
Post by Matlink
is it easy to ask, in --markov mode, JTR to output at least N words,
according to a .stats file created with calc_stat?
I have no answer to this (I'm not familiar with Markov mode, and am not
using it). I'd appreciate it if someone else in the community answers.

Alexander
Matt Weir
2018-02-02 20:51:06 UTC
Permalink
Hi Matlink,
To answer your question, let me refer you to the JtR Wiki page on
Markov mode.

http://openwall.info/wiki/john/markov

As a short answer, after you generate your stats file, (or if you are
going to use the default stats file), run the 'genmkvpwd' command with
the length info you are targeting to see how many guesses will be
generated for different levels. For example:

./genmkvpwd statfile max_lvl [max_len] [start] [end]

$ ./genmkvpwd stats 0 12
lvl=100 (2424 Kb for nbparts) 9846 possible passwords
lvl=101 (2448 Kb for nbparts) 10 K possible passwords (10849)
lvl=102 (2472 Kb for nbparts) 11 K possible passwords (11915)
lvl=103 (2496 Kb for nbparts) 13 K possible passwords (13104)
lvl=104 (2520 Kb for nbparts) 14 K possible passwords (14446)
...
lvl=346 (8328 Kb for nbparts) 440023 G possible passwords (440023594138549)
lvl=347 (8352 Kb for nbparts) 478482 G possible passwords (478482142956335)
lvl=348 (8376 Kb for nbparts) 520144 G possible passwords (520144425218940)
lvl=349 (8400 Kb for nbparts) 565264 G possible passwords (565264299077832)
lvl=350 (8424 Kb for nbparts) 614114 G possible passwords (614114588006381)

Using the above example, for that statsfile, targeting passwords of
length 0 - 12, if you set the level to 104 it would generate 14446
password guesses.

The format for actually using Markov mode is ... a bit weird. Taken
from the wiki:

–markov[=level[:start:end[:maxlen]]]

So using the above example of starting a new run with a level of 104,
with a max length of 12 you would use

--markov=104:0:0:12

I know, the 0:0 is weird but that means you will try everything. You
could also do 0:14446. The reasoning behind this option is to let you
split up processing Markov mode on different threads.

Backing up a step, I generally recommend using Incremental mode in JtR
vs. Markov mode. For most cracking scenarios incremental is way better
from a practical real world standpoint. Markov is more useful for
academic research, or fixed runs where you know exactly how your
hardware performs and how long you want to invest in a cracking
session. The following writeups I did on the differences between the
two modes are out of date, but still might provide a bit of insight
into what each mode does under the hood:

http://reusablesec.blogspot.com/2009/11/analysis-of-10k-hotmail-passwords-part.html

http://reusablesec.blogspot.com/2010/01/analysis-of-10k-hotmail-passwords-part.html

Cheers,
Matt
Post by Solar Designer
Post by Matlink
is it easy to ask, in --markov mode, JTR to output at least N words,
according to a .stats file created with calc_stat?
I have no answer to this (I'm not familiar with Markov mode, and am not
using it). I'd appreciate it if someone else in the community answers.
Alexander
Loading...