← Back to context

Comment by raphman

3 days ago

Thanks for sharing. This looks interesting. Impressive achievement.

This book is currently not really relevant for me, so I just skimmed the samples on Amazon. I found the technical content to be reasonably accurate and interesting although sometimes a little bit verbose (e.g., the section about 'what is a password') or slightly imprecise. In general, I think this book might have benefited from a thorough copyediting pass. There are quite a few grammar errors and unpolished sentences in the book, e.g.:

> The reason why Linux is imperative is that well, for one, most of the tools we will use, while indeed have builds for other systems, like Windows, in this book we will work with Linux.

Wishing you success and keep on writing!

12 comments

raphman

Reply
copypaper  3 days ago

Yea after skimming the samples on Amazon I noticed that nearly every single sentence had at least one comma in it (adding zero value). It feels like I'm reading someones thoughts.

Personally, I love abusing commas for comments and shitposting, but they should be avoided in informative resources like books, otherwise, it looks like a word salad. Say your thoughts and ideas with boldness and certainty.

But hey you write better than I did at 18, so I ain't judging. Just trying to provide helpful feedback for you (the op) to improve on.

nojvek  3 days ago

In this day, I actually appreciate imperfect human written content.

Too much AI slop, perfect grammar but no substance out there.

This seems like a substance filled book.

Congrats on shipping a book.

dugidugout  3 days ago

What did you find slightly imprecise?

  • raphman  3 days ago

    A few small things. You might call this nitpicking. And, as I wrote, I found the technical details generally accurate.

    > "Then there is also the fact that having a fully-fledged graphical desktop environment running in the background at all times is not quite optimal to say the least. 99 percent of the time when cracking passwords, you will be staring at a black terminal filled with white text, so using Windows, which is especially GUI-heavy, is usually impractical unless you are specifically testing something or showcasing some process."

    I am reasonably sure that the Windows UI has rather little practical effect on hashcat's speed, and this thread implies the same: https://hashcat.net/forum/archive/index.php?thread-8958.html Also, 99 percent of the time when cracking passwords, I am not staring at a black terminal filled with white text.

    (I am generally taking it a little bit personally when the author directly addresses me and tells me what I am probably thinking or doing.)

    > "Behind a hash function are a series of complicated mathematical operations that make deriving the input from the output literally impossible."

    I'd argue that the mathematical operations themselves are usually not that complicated. More importantly, the whole book seems to be about ways to derive the (probable) input of a hash function from the output. It is not literally impossible.

    > "It is important to note, however, that hash functions are not truly random;"

    As the author writes elsewhere, hash functions are deterministic and not random at all. Calling them not truly random seems to imply that they are somewhat random.

    > "When encrypting a file or any kind of data with AES for example, the program leveraging AES will prompt you for a password. Yes, a password."

    Yes, this is a book about password cracking, but there are lots of cases where programs use AES with a computer-generated key and won't prompt you for a password. E.g., TLS.

    (Just to reiterate: I am not trying to diminish the author's work, I wanted to suggest ways for improvement. I might be wrong or overly pedantic.)

    • Cpoll  3 days ago

      > I'd argue that the mathematical operations themselves are usually not that complicated. More importantly, the whole book seems to be about ways to derive the (probable) input of a hash function from the output. It is not literally impossible.

      I think you're not being pedantic enough here. "Probable" is doing some heavy lifting. And the phrasing is "derive the input," which I think is fair to say. The best you can do with a proper hash is discover one or more possible inputs, but you're not deriving them from the output; the output is just used to check the result. The many-to-one nature of a hash precludes determining the exact input.

      2 replies →

    • ofrzeta  3 days ago

      > (I am generally taking it a little bit personally when the author directly addresses me and tells me what I am probably thinking or doing.)

      I think it's a canonical way to generalize the audience as in "99 percent of the time when cracking passwords, one will be staring at a black terminal filled with white text" just as in the German "man". So with that in mind maybe you no longer have a reason to be offended :)

  • jfarina  3 days ago

    It's awkwardly phrased and doesn't really say what it intends to (though, the meaning is obvious after reading it a second or third time).

    As for it being imprecise, it doesn't talk about any specific software that has any compatibility issues. It dismisses the topic out of hand.

    • arcfour  3 days ago

      I do think we should keep in mind the age of the author, which still makes it a very impressive achievement!

      There being room for improvement is both acceptable and expected.

      2 replies →