Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 27 Sep 2011 08:29:16 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Some ideas about enhanced self-test

I take this on-list from here in case someone wants to chime in. This 
started as a private discussion about eg. crc-32 and dummy getting 
significantly inflated benchmark figures from including the null 
password in self-test. The opposite happens with eg. max-length 
self-test for NT - it would decrease the benchmark figure.

On 2011-09-26 02:21, JimF wrote:
> ----- Original Message -----
>  From: "magnum"<rawsmooth@...dband.net>
>> IIRC, the speed test is not necessarily made with all test hashes,
>> just some of them. We should establish just how this is happening.
>> Maybe dummy.c and crc32 could have the blank test in there, but
>> moved to a position where it won't be used for speed test? Testing
>> the null string is important for many formats (key cleaning issues
>> etc) so including them is a good habit.
>>
>> If this is not possible with current john core, maybe it should.
>> We should really have a 27 character test in NT_fmt but it would
>> currently make the benchmark show low.

> might not be bad to have a field, that tells how to use it in bench.
>
> 0 is test and bench all 'ways'.  (all defaults would have this).
> 1 is test and bench 1 hash
>  2 is test and bench multi
>  3 is test only.
>
> Or something like that.  Could be useful to then provide 'extreme'
> hashes for testing, while not skewing the benchmarks too much.  Bench
> should test 'normal' things, trying to get as close to an 'accurate'
> timing of the format.

I'm not sure I understand what you mean with '1 hash' vs 'multi'? 
Anyway, a couple more possible variants:

4 test-only and should match after truncation.
5 test-only and should NOT match the given plaintext. I don't remember 
now but I recall there are cases this would be relevant... maybe also 
related to truncation?
6 (might be overkill) plaintext in struct given in UTF-8 - bench.c 
should convert to current encoding, and if conversion fails, skip this 
entry.

Maybe it should be a bit field, eg. one bit corresponds to test-only, 
and so on.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.