Update README with new numbers

RickdeJager · Nov 5, 2020 · 3eeeb1f · 3eeeb1f
1 parent f87d67b
commit 3eeeb1f
Showing 1 changed file with 38 additions and 17 deletions.
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # :zap: Stegseek
 
-Stegseek is a lightning fast steghide cracker, built as a fork of the original steghide project. As a result it is _way_ faster than other crackers and can run through the entirety of **`rockyou.txt` in under a minute.**
+Stegseek is a lightning fast steghide cracker, built as a fork of the original steghide project. As a result it is _thousands of times_ faster than other crackers and can run through the entirety of **`rockyou.txt` in just 5 seconds.**
 
 Skip ahead to [Performance](#chart_with_upwards_trend-performance) for some raw numbers.
 
@@ -13,7 +13,7 @@ The following instructions walk you through the installation process. Alternativ
 On Ubuntu-based systems, you can use the provided `.deb` package for installation:
 
 1. Download the latest [Stegseek release](https://github.com/RickdeJager/stegseek/releases)
-1. Install the `.deb` file using `sudo apt install ./stegseek_0.1-1.deb`
+1. Install the `.deb` file using `sudo apt install ./stegseek_0.2-1.deb`
 
 ## Building from source
 On other systems you will have to build Stegseek yourself. See [BUILD.md](BUILD.md) for more information.  
@@ -28,7 +28,7 @@ stegseek --crack -sf [stegofile.jpg] -wl [wordlist.txt]
 
 Use `stegseek --help` to get the full list of available options:
 ```
-Stegseek version  0.1
+Stegseek version  0.2
 
 === Stegseek Help ===
 To crack a stegofile;
@@ -57,42 +57,63 @@ docker run -it -v "$(pwd):/steg" rickdejager/stegseek --crack -sf [stegofile.jpg
 This does require that the wordlist and stegofile are located in current working directory, as that folder is mounted to `/steg` inside of the container.
 
 # :chart_with_upwards_trend: Performance
-This is where Stegseek really shines. As promised, let's start with the "`rockyou.txt` under a minute claim".  
+This is where Stegseek really shines. As promised, let's start with the "`rockyou.txt` in just 5 seconds" claim.  
 All of these numbers are measured on a laptop with an Intel i7-7700HQ CPU @ 2.80GHz and 8 GB of RAM.  
 
 ## RockYou.txt
 I picked the last password in `rockyou.txt` without control characters: "␣␣␣␣␣␣␣1" (7 spaces followed by '1').  
 This password is on line `14344383` out of `14344391`  
 
 ```
-time stegseek --crack -sf pic.jpg -wl rockyou.txt 
+time stegseek --crack -wl rockyou.txt -sf 7spaces1.jpg
+Stegseek version  0.2
 [i] Read the entire wordlist (14344391 words), starting cracker
 [ 14344392 / 14344391 ]  (100,00%)                 
 [i] --> Found passphrase: "       1"
 
 [i] Original filename: "secret.txt"
-[i] Extracting to "pic.jpg.out"
+[i] Extracting to "7spaces1.jpg.out"
 
-real	0m41,359s
-user	5m24,819s
-sys	0m0,544s
+real	0m5,236s
+user	0m32,943s
+sys	0m3,909s
 ```
 
-And there it is, over 14 million passwords in 41 seconds :heart_eyes:.
+And there it is, over 14 million passwords in 5 seconds :heart_eyes:.
 
 ## How does this compare to other tools?
 
 To test the performance of of other tools, I created several stego files with different passwords, taken from `rockyou.txt`. I ran each of the tools with their default settings, except Stegbrute where I increased threading for a fair comparison.
 
-| password    | Line        | Stegseek v0.1 | Stegcracker 2.0.9 | Stegbrute v0.1.1 (-t 8) |
+| password    | Line        | Stegseek v0.2 | Stegcracker 2.0.9 | Stegbrute v0.1.1 (-t 8) |
 |-------------|-------------|---------------|-------------------|-------------------------|
 | "cassandra" | 1 000       |          0.7s |              3.1s |                    0.7s |
-| "kupal"     | 10 000      |          0.7s |             14.4s |                    7.1s |
-| "sagar"     | 100 000     |          1.0s |           2m23.0s |                 1m21.9s |
-| "budakid1"  | 1 000 000   |          3.2s | [p]      23m50.0s |                13m45.7s |
-| "␣␣␣␣␣␣␣1"  | 14 344 383  |         41.4s | [p]    5h41m52.5s | [p]          3h17m38.0s |
+| "kupal"     | 10 000      |          0.8s |             14.4s |                    7.1s |
+| "sagar"     | 100 000     |          0.8s |           2m23.0s |                 1m21.9s |
+| "budakid1"  | 1 000 000   |          1.1s | [p]      23m50.0s |                13m45.7s |
+| "␣␣␣␣␣␣␣1"  | 14 344 383  |          5.2s | [p]    5h41m52.5s | [p]          3h17m38.0s |
 
 [p] = projected time based on previous results.  
 
-To compare the speed of Stegseek, let's look at the speed for the `1 000 000th` entries (below this value, initialization still takes too much time to get a measurement). At this scale `Stegseek` is `400+` times faster than stegcracker and `250+` times faster than Stegbrute.
-
+To compare the speed of each tool, let's look at the last row of the table (otherwise Stegseek finishes before all threads have started).  
+At this scale Stegseek is almost **4000** times faster than Stegcracker and over **2000** times faster than Stegbrute.
+
+
+## Changelog
+
+### v0.2
+2020-11-05  
+improvements:  
+* Give up on a passphrase once a single bit of the magic fails to decode
+* Removed costly BitString / EmbData allocations
+* Improved performance of the selector
+* cracks `rockyou.txt` in 5 seconds.
+
+### v0.1
+2020-11-04  
+Initial release, features:  
+* Only loads the stego file once, unlike conventional crackers
+* Workpool based threading
+* Attempts to crack the first 3 bytes first, before attempting full decryption
+* Added .deb package and docker container
+* cracks `rockyou.txt` in 41 seconds.