-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Custom separation character for prince cracking #2268
Comments
Should it be a character, or set of character??? My Password Here the set is the 4 characters '-_ :' |
For my usecase I basically just need one character (the whitespace). But it may be useful to have multiple, maybe even a group. |
I would think a 'group' would be much more powerful and useful, without too much additional coding. |
Ideally this should be requested / implemented in https://github.com/hashcat/princeprocessor and then we'd merge it from upstream. |
We might want to coordinate PRINCE mode enhancements with hashcat. |
I beat you by 15 seconds @frank-dittrich 😉 |
I was too busy all day, and assumed you or @jfoug would suggest that, anyway. |
Anyway I definitely can see a use for this. Hopefully it can be added with little performance impact. |
Also, for For combinations of 3 words, should prince mode generate
before generating combinations like (I know that I am "simplifying" the way PRINCE works, but I just wanted to demonstrate that there's more than one way to implement such an extension.) There might be a several config or command line options, and it is not easy to decide which default logic might provide best results. |
Personally, from what I have seen in 'current' RW data, your method 1 would be best. Most RW appends are done using the same character. However, some of the notes / documentation in things like diceware, do list to use 'random' symbol characters between the simple words. If I were to use diceware, I certainly would use random character separators, since that would add additional bits for each word. If using the same characters, you only add the additional bits 1 time and none of the other separators add any additional security. But most users DO use the same separator (which is still USUALLY no separator). So, yes, there may have to be several parameters to fully utilize this. It may even be best to provide priority: so,
Then there may have to be other ways to order combinations. Note, things very quickly explode (combination function), and unfortunately the combinations are not going to be uniform likely. However, figuring out which combinations are more likely is probably not going to be an easy to do task. |
I think you are overthinking this right now, @frank-dittrich . What is talking about is basically just using one separator for the whole password. Everything else would be possible, but I think most ppl would only use one separator, like @jfoug pointed out. The group feature would be usefull, too, but basically you could run different versions of the same command in batch for starters. That way you would only need one separator parameter for now and the rest would follow. |
It turns out this is already requested in hashcat/princeprocessor#49 |
Wouldn't using a kind of first-pass-rule processing for separators be a less-disruptive way to implement it ?
Just a quick example out of my mind:
If the wordlist contains ("foo" "bar" "baz") then
Afterwards, normal existing Another possibility: Concatenate words using a truly unique character and rely exclusively on a the current rule pass assuming a rule would be able to:
Example: Combination list before
The rule:
The results:
|
I happen to have described a workaround in https://www.openwall.com/lists/john-users/2024/05/15/3 - start each word with a capital letter, then detect those from rules. |
I would like to a custom separation character for the prince cracking.
Chaining words is a common practice, they may be separated by spaces for example.
Do you see a chance for that?
The text was updated successfully, but these errors were encountered: