Date: Mon, 18 Jun 2012 18:23:45 +0200
From: Simon Marechal <simon@...quise.net>
To: john-dev@...ts.openwall.com
Subject: Re: notes on sharding the incremental search space

On 14/06/2012 14:49, Tavis Ormandy wrote:
> total_search_space = CharsetLen^NumChars;

I believe there is a slight mistake here. It should be:

	cand = 0;
	for (pos = min_length; pos <= max_length; pos++)
		cand += pow(real_count, pos);


> If exposing this via a supported interface (e.g. the config language, or
> a command line option) has a chance of making the official distribution,
> let me know and I would be happy to write a patch.

I always wanted to check how inc actually worked, so I thought I might
just do this. It is however more challenging than I thought. I ported
the -node options from the challenge version (just the options.[hc]
part), and started hacking.

Cutting the search space in many small chunks seemed a good idea, but
contrary to what is proposed I wanted it to behave like this:
* search space is cut in many chunks
* chunks are allocated based on the -nodes options, specifically:
 - first chunk index is the "nodemin" value
 - the following values are computed :
	slicelength = cand / nbshards * (1+nodemax-nodemin);
	jumplength = cand / nbshards * (nbnodes - (1+nodemax-nodemin));
 - "slicelength" passwords are tried, then we skip "jumplength". It
should align with the chunks.

It is more user friendly to run john -nodes:1/4 than running (chunk
count / 4) instances of john. That is, for people who do not work in a
place where they can have an idle core per chunk!

Implementation of the "skip" part seems complex to me. It seems pretty
simple when you end up in the same "entry". Otherwise, it seems like you
should break from inc_key_loop, catch in do_incremental_crack that you
need to skip, adjust everything and run again (probably by wrapping into
another loop, simulating a new -restore restart).

This doesn't seem trivial. Is there some easier way I did not think of?
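
Added example, not part of the original message and not John the Ripper code: the candidate count and the slicelength/jumplength layout described above, worked through in C so that the per-node coverage can be checked. Assumptions: nodes are numbered from 1, the count is kept in 64-bit integers rather than pow(), and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Sum of real_count^pos for pos = min_len..max_len, as in the message, but in
 * 64-bit integers instead of pow(); returns 0 if the total overflows. */
uint64_t total_candidates(uint64_t real_count, unsigned min_len, unsigned max_len)
{
	uint64_t p = 1, cand = (min_len == 0);	/* length 0 contributes 1 */
	for (unsigned pos = 1; pos <= max_len; pos++) {
		if (real_count && p > UINT64_MAX / real_count) return 0;
		p *= real_count;		/* p = real_count^pos */
		if (pos >= min_len && (cand += p) < p) return 0; /* wrapped */
	}
	return cand;
}

struct shard { uint64_t start, slicelength, jumplength; };
/* Layout for -nodes:nodemin-nodemax/nbnodes. Assumption: node 1 starts at
 * candidate 0. If cand < nbshards the chunk size truncates to 0. */
struct shard shard_layout(uint64_t cand, uint64_t nbshards,
			  unsigned nodemin, unsigned nodemax, unsigned nbnodes)
{
	uint64_t chunk = cand / nbshards, width = 1 + nodemax - nodemin;
	return (struct shard){ (nodemin - 1) * chunk, chunk * width,
			       chunk * (nbnodes - width) };
}

/* Candidates this node tries in [0, cand): try slicelength, skip jumplength,
 * repeat, clipping the last slice at the end of the search space. */
uint64_t node_coverage(struct shard s, uint64_t cand)
{
	uint64_t n = 0, period = s.slicelength + s.jumplength;
	for (uint64_t at = s.start; s.slicelength && at < cand; at += period) {
		uint64_t left = cand - at;
		n += left < s.slicelength ? left : s.slicelength;
		if (left <= period) break;	/* no further slice fits */
	}
	return n;
}

int main(void)
{
	uint64_t cand = total_candidates(26, 1, 3);	/* constructed sample */
	for (unsigned n = 1; n <= 4; n++)
		printf("node %u/4 tries %llu candidates\n", n, (unsigned long long)
		       node_coverage(shard_layout(cand, 1000, n, n, 4), cand));
	return 0;
}
```

Because cand / nbshards truncates, the try/skip pattern has to keep running past chunk number nbshards up to cand; otherwise the remainder of the search space is never tried by any node.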
