Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Sep 2011 11:18:37 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Question over validity of concept in JtR's benchmarking code.

Jim -

On Thu, Sep 08, 2011 at 04:27:58PM -0500, jfoug wrote:
> Is sending correct passwords to the benchmark functions a 'valid' way to
> benchmark?    In real testing, we assume that a correct password, is a VERY
> rare event. There may be billions, or 100's of billions of passwords tested,
> before a correct password is found (if ever).
> 
> Would it not make more sense, to provide incorrect passwords when
> benchmarking the format?

You're right.  It just did not affect benchmark results for hash types
supported in the main/conservative JtR tree.  In -jumbo and other
patches, we probably now have formats where this makes a difference, so
it may be time to make the benchmarking more real-world'ish.  (I haven't
considered your specific proposed changes yet.)

I also would like to have benchmarking continue to test the functions
for correct operation.  Right now, those extra seconds are wasted in
terms of testing.  We're only using them to get the performance numbers.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ