Question 1

How do I train PCFG Cracker on my own password list?

Accepted Answer

Use the trainer.py script with the -t flag for the input list and -r for the ruleset name. Ensure the list is plaintext, encoded consistently (e.g., UTF-8), and contains duplicates to identify common patterns, as per the quick start guide.

Question 2

Is PCFG Cracker better than Hashcat for password cracking?

Accepted Answer

PCFG Cracker excels against salted or slow hashes due to its probabilistic accuracy, while Hashcat is superior for fast hashes because of its raw speed. Choose based on hash type: PCFG for efficiency with fewer guesses, Hashcat for brute-force performance.

Question 3

How can I use PCFG Cracker with John the Ripper?

Accepted Answer

Pipe the output from pcfg_guesser.py into John using stdin. For example, 'python3 pcfg_guesser.py -r ruleset | john --stdin --format=bcrypt hashes.txt', as shown in the example cracking section for integrated workflows.

Question 4

What password lists work best for training PCFG Cracker?

Accepted Answer

The RockYou dataset is recommended, with the full 32 million passwords for optimal performance. However, any plaintext list between 100k and 50 million entries can be used, tailored to your target demographic for better accuracy.

Question 5

How does the PRINCE_LING tool generate wordlists?

Accepted Answer

PRINCE_LING creates customized wordlists from PCFG rulesets by stripping out Markov generation and using reduced base-structures. It outputs words in probability order for PRINCE-style combinator attacks, leveraging parsed training data for targeted vocabulary.

Question 6

Can PCFG Cracker estimate how strong a password is?

Accepted Answer

Yes, the password_scorer.py tool estimates the probability of a password being generated by a trained ruleset. It outputs scores for research or strength metrics, though passwords with a 0.0 probability may still be cracked via Markov attacks.

pcfg_cracker

What is pcfg_cracker?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions