Open Tostino opened 1 year ago
Hello, there @Tostino.
I have made a change on my project on what I believe would be the equivalent of this line on this project: https://github.com/GoSimpleLLC/nbvcxz/blob/main/src/main/java/me/gosimple/nbvcxz/matching/DictionaryMatcher.java#L271
Something along the lines below.
public List<Match> match(final Configuration configuration, final String password)
{
final List<Match> matches = new ArrayList<>();
// Create all possible sub-sequences of the password
for (int start = 0; start < password.length(); start++)
{
for (int end = start + 1; end <= search_end(start, password.length(), dictionary_identifier); end++)
{
final String split_password = password.substring(start, end);
...
I believe on your case, if you follow this direction there may be a few more things to adjust because I noticed you only iterate over the dictionaries further inside the nesting of for loops so you don't have an dictionary identifier at that point. But even if you just limit to the size of the largest word among all dictionaries the performance would improve.
Alright this is now fixed by this commit: https://github.com/GoSimpleLLC/nbvcxz/commit/aebdd84dba0498ad7e4a8cb1aa00ceed9c31749f
Example output:
Commands: estimate password (e); generate password (g); quit (q)
Please enter your command:
e
Please enter the password to estimate:
6c891879ed0a0bbf701d5ca8af39a766
----------------------------------------------------------
Time to calculate: 7 ms
Password: 6c891879ed0a0bbf701d5ca8af39a766
Entropy: 165.437600046154
Your password meets the minimum strength requirement.
Time to crack: ONLINE_THROTTLED: infinite (>100000 centuries)
Time to crack: ONLINE_UNTHROTTLED: infinite (>100000 centuries)
Time to crack: OFFLINE_ARGON2_ID: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_14: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_12: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_10: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_8: infinite (>100000 centuries)
Time to crack: OFFLINE_BCRYPT_5: infinite (>100000 centuries)
Time to crack: OFFLINE_SHA512: infinite (>100000 centuries)
Time to crack: OFFLINE_SHA1: infinite (>100000 centuries)
Time to crack: OFFLINE_MD5: infinite (>100000 centuries)
-----------------------------------
Match Type: BruteForceMatch
Entropy: 165.437600046154
Token: 6c891879ed0a0bbf701d5ca8af39a766
Start Index: 0
End Index: 31
Length: 32
----------------------------------------------------------
It did impact the scoring as expected.
Combine the output of concecutive bruteforce matches prior to returning the result. This is ugly as can be right now with each letter going into a bruteforce match.
Note - this will change the scoring for these, which isn't quite right currently, as we don't properly guess the cardinality of the total bruteforce section of the password.
Example: