Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 19 May 2013 18:37:29 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Incremental mode in 1.7.9.14

On 19 May, 2013, at 18:22 , Solar Designer <solar@...nwall.com> wrote:
> On Sat, May 18, 2013 at 10:04:12PM +0200, Simon Marechal wrote:
>> This might be controversial, but I believe that "early" efficiency is
>> meaningless for that kind of generator. Every sane person will run some
>> kind of dictionary based attack before resorting to incremental.
>> 
>> I will run tests comparing all versions against my "hard" list of
>> plaintexts to check this use case.
> 
> I think the "early" efficiency is not meaningless, but is in fact less
> important than efficiency on relatively stronger passwords (after having
> the weakest ones cracked by other means).
> 
> Luckily, your test results (provided off-list) indicate that the new
> code (the latest patch) performs well on your "hard" passwords as well.

How do we define "early"? Guessing something after 20 biljon tries is a couple of hours for raw-md5 but 300 years for pbkdf2-hmac-sha512 :-)

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ