Please note, this is a STATIC archive of website hashcat.net from October 2020, cach3.com does not collect or store any user information, there is no "phishing" involved.

hashcat Forum

Full Version: Markov: Wordlist Generation
You're currently viewing a stripped down version of our content. View the full version with proper formatting.
I'd like to reduce the storage footprint of generating large wordlists so I started reading about Markov.  As I understand from this post, a Markov attack will result in essentially the same amount of hashes attempted when I run hastcat64.bin it just does so faster from statistical analysis of a character at each position.

Quote:To make this very clear: markov doesn't change the overall number of hashes you will crack (it will be always the same amount). Instead, what changes is that with markov the likelihood/probability that you crack a password faster (because of the markov model = probability of each character depending on its position) will increase. General speaking, it's as simple as this (there is no real magic behind it).

My summarization might not be spot on but it's close enough, I think.

If the above is true, taking into account that I'm trying to generate large wordlists with a smaller size, would Markov help me accomplish this or am I totally off base on my thinking?

If Markov won't help, other than compression of course, what tools might me available to me?

I'm also considering running some numbers to see how much of a storage impact holding my list's in MySQL with compression enabled via baracuda would have and if it would have any major performance implications.

FWIW I'd consider a ~= -10% performance hit to hashcat as a no-go.  Though one could argue this can be recouped with RAID and a direct Ethernet connection.
It sounds like you're doing a lot of work to create word lists with a lot of permutations up front, and storing them.

But hashcat has features that make this less necessary. In brute force attacks, hashcat already generates candidates in markov order for you. And hashcat's other modes -- rules, masks, hybrid - allow a lot of additional flexibility.

If you're already familiar with these features and need to do something that they do not cover, can you elaborate?
Thanks for the reply, royce! I'm not doing anything other than a bruteforce attack on a wpa2 handshake, I'm new to hashcat and was trying to think of ways to increase performance. E.g rainbow tables via MySQL.
WPA2 is salted using the SSID. So rainbow tables of passwords of non-trivial length are likely to be infeasible for a given AP, other than maaaaaaaaaybe for the ones that are named "linksys" and other generic names.