Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 30 Oct 2012 21:45:29 +0100
From: Lukas Odzioba <lukas.odzioba@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Serious bug in md5crypt-cuda - or in driver?

2012/10/30 magnum <john.magnum@...hmail.com>:
> The current md5crypt-cuda code works fine with Fermi and Kepler cards but on a 9600GT I noticed today I got unreasonably good speed:
>
> Benchmarking: md5crypt [CUDA]... DONE
> Raw:    63351K c/s real, 63351K c/s virtual
>
> At first I did not spot anything unusual but hey wait a minute, is that a K tucked on the figures?!
>
> So I ran it through the Test Suite which very quickly ends up claiming everything passed. But some manual testing revels that it will simply accept ANY password as valid for ANY hash. We should enhance the Test Suite (and possibly the self tests?) so it can detect false positives like these.

It accepts any pass for any hash only on 9600GT, for rest what have
you tested it it worked as it should?

> This is not necessarily a bug in Lukas' code, it may be in whatever version of CUDA I'm running on that machine so I'll need to investigate more. But anyone having pre-fermi cards, please share your benchmarks or real tests. BTW all other CUDA formats seem to work fine on that card except mscash, wpapsk and pwsafe - these three fails self-tests. All three pass on my laptop GT650.
My old 9800GT stopped working after I put it next to magnets from
disassembled hdd, so I am not able to run anything on it.

> Oh, and while looking at the code I saw an unrelated problem in set_salt(): It resets the global any_cracked variable without clearing the outbuffer - and this causes such clearing to be skipped in the next crypt_all(). In rare cases this will probably also lead to false positives but this is not the cause of the initial problem.

Thank you for looking into that.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ