Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 Apr 2011 01:37:14 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: sha256 format patches

Hi Lukas,

On Fri, Apr 15, 2011 at 12:09:50AM +0200, ?ukasz Odzioba wrote:
> fast sha256:
>    -added dma transfer +8%
>    -added asynchronous pcie copy and kernel execution  +12%
> From : ~2990k c/s
> To:    ~3600k c/s

On my 8800 GTS 512:

[user@...alhost src]$ pwd
/home/user/john/john-1.7.6-sha256cuda-1/src
[user@...alhost src]$ ../run/john -te=1 -fo=sha256cuda
Benchmarking: SHA256CUDA [SHA256]... DONE
Raw:    7864K c/s real, 7930K c/s virtual

> slow sha256:
>    -loop unroling
>    -dma trasfer
>    -async pcie copy and kernel execution
> From: ~2520 c/s
> To:   ~3445 c/s

[user@...alhost src]$ pwd
/home/user/john/john-1.7.6-sha256cuda.slow/src
[user@...alhost src]$ ../run/john -te=1 -fo=sha256cuda
Benchmarking: SHA256CUDA [SHA256]... DONE
Raw:    16605 c/s real, 16718 c/s virtual

That's nice.  It means 83 million of SHA-256 compression function
invocations per second.

This gives me hope that you'd be able to achieve something like 10000 c/s
for SHA-256 based SHA-crypt, and 5000 c/s for SHA-512 based SHA-crypt,
both for their default setting of rounds=5000.  (On my slow card.)
The SHA-512 speed is less certain, though - we haven't figured out how
to handle the carries yet.

Current CPU implementations (not optimized) achieve below 1000 c/s at
SHA-512 based SHA-crypt (with rounds=5000) on modern quad-core CPUs
(total for 4 cores).

There appears to be a bug in your code, though:

[user@...alhost run]$ cat pw
1ada9a1034c3f360d1ea0a3585ae12335751081bb10baa8f22909066a852a647
6cc4c4caea3bd6dbe631b7c13b38e0bced196af0c63465d57ce6a096eb46b813
a9388ab7fed1cf61b0209bcfd1b03eec7897ed3fffb1c83e762cbf9ef4fbb74e
[user@...alhost run]$ ./john pw
Loaded 3 password hashes with no different salts (SHA256CUDA [SHA256])
guesses: 0  time: 0:00:00:04 9% (2)  c/s: 0.00
john             (?)
abc              (?)
kristis          (?)
guesses: 3  time: 0:00:00:05 100% (2)  c/s: 7062  trying: 12345 - Eric1

The first two are correct, the third one is not.  I was not able to
reproduce this, though:

[user@...alhost run]$ rm john.pot
[user@...alhost run]$ ./john pw
Loaded 3 password hashes with no different salts (SHA256CUDA [SHA256])
guesses: 0  time: 0:00:00:04 9% (2)  c/s: 0.00
john             (?)
abc              (?)
guesses: 2  time: 0:00:00:05 25% (2)  c/s: 8260  trying: WATER1 - database9
guesses: 2  time: 0:00:00:08 53% (2)  c/s: 10515  trying: LotusLotus - 2devon
guesses: 2  time: 0:00:00:11 84% (2)  c/s: 12122  trying: Tucson0 - 6cowboys
guesses: 2  time: 0:00:00:12 98% (2)  c/s: 12637  trying: newaccounting - Halling
guesses: 2  time: 0:00:00:15 (3)  c/s: 10411  trying: 1952 - 48858721
guesses: 2  time: 0:00:00:18 (3)  c/s: 11119  trying: monnin1 - aloon
guesses: 2  time: 0:00:00:24 (3)  c/s: 12537  trying: sheellie - shartrat
guesses: 2  time: 0:00:01:26 (3)  c/s: 15371  trying: manner12 - 47192769
guesses: 2  time: 0:00:01:39 (3)  c/s: 15512  trying: 32348375 - 35168350
Session aborted

I tried a few more times - got correct results only.

Anyway, I hope you've switched to work on phpass as we discussed (since
it's easier, yet is of practical use).  I'd expect you to have made good
progress at it by now.  Please post a status update.

Oh, and please start formatting your code properly and start to upload
your patches to the wiki (rather than use external links).

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ