Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Jan 2013 10:34:54 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: NetNTLMv1

On Thu, Jan 31, 2013 at 09:54:06AM +0400, Solar Designer wrote:
> I have a quick and dirty implementation, storing the entire 512 KB table
> per salt.  (This can be lowered by storing partial DES blocks - still
> sufficient to reject most password candidates.)
> 
> I'll post benchmarks and patch shortly.

I've attached the patch (made against bleeding-jumbo).  This does show
good speed improvement, although in absolute terms the speeds are still
a lot lower than hashcat's since we're using non-SIMD implementation of
NTLM here.  We ought to switch to using our optimized NTLM also as part
of NetNTLMv1.  (Need to review other related formats for this as well.)

Old, one core in FX-8120:

Benchmarking: NTLMv1 C/R MD4 DES (ESS MD5) [32/64]... DONE
Many salts:     3086K c/s real, 3086K c/s virtual
Only one salt:  2221K c/s real, 2221K c/s virtual

Old, full FX-8120:

Benchmarking: NTLMv1 C/R MD4 DES (ESS MD5) [32/64]... (8xOMP) DONE
Many salts:     16187K c/s real, 2023K c/s virtual
Only one salt:  7618K c/s real, 952320 c/s virtual

New, one core in FX-8120:

Benchmarking: NTLMv1 C/R MD4 DES (ESS MD5) [32/64]... DONE
Many salts:     86834K c/s real, 86834K c/s virtual
Only one salt:  7278K c/s real, 7278K c/s virtual

Benchmarking: NTLMv1 C/R MD4 DES (ESS MD5) [32/64]... DONE
Many salts:     163481K c/s real, 163481K c/s virtual
Only one salt:  7471K c/s real, 7471K c/s virtual

(yes, the "many salts" speed varies a lot)

New, full FX-8120:

Benchmarking: NTLMv1 C/R MD4 DES (ESS MD5) [32/64]... (8xOMP) DONE
Many salts:     149438K c/s real, 47591K c/s virtual
Only one salt:  11780K c/s real, 1476K c/s virtual

(Poor OpenMP scalability here.  We could probably correct that.)

This is proof-of-concept, although we can/should commit it already for
some nice improvement over what we had before.  We should also proceed
to optimize this code for real, starting by making use of our
SIMD-enabled NTLM code for this format as well.  Anyone?

Alexander

View attachment "john-NETNTLM-table.diff" of type "text/plain" (4462 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ