Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 29 Sep 2011 04:53:41 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Some ideas about enhanced self-test

magnum -

On Wed, Sep 28, 2011 at 09:53:12AM +0200, magnum wrote:
> [...] Jim, what if you include 
> the nullstring in crc-32 but also include a max-length string? Would 
> that push the benchmarks back closer to real-life figures, or would it 
> push it back too far?

Even though you're asking Jim, let me mention that this is essentially
the approach I've been using - adjust the test passwords such that their
average length is as desired for benchmarking.

Here's another idea: specify the desired average length as a number,
maybe globally or maybe per-format.  Then have the benchmark separate
the tests into those below vs. above the desired average length (and put
those of exactly that length into either bucket) - before its main loop.
In the loop, pick the next password from whatever bucket moves the
average length of passwords tested so far closer to the desired length.
Even though I say "average", there's no need to calculate it (which
would require division) - instead, totals so far may be compared.  Like:

while (benchmarking) {
	if (sum > desired_sum)
		pick = from_below();
	else
		pick = from_above();
	sum += strlen(pick);
	desired_sum += desired_average;
	test(pick);
}

But this may be overkill.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ