Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Aug 2013 12:06:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

Hi Katja,

On Sun, Aug 04, 2013 at 10:07:11PM +0200, Katja Malvoni wrote:
> On Thu, Aug 1, 2013 at 9:25 PM, Katja Malvoni <kmalvoni@...il.com> wrote:
> 
> > I generated 1000 passwords hashes and tested it with 2500 different
> > candidate passwords - it cracked 999 and it should have cracked all of them
> > (when I ran it again it cracked that 1 remaining hash).
> 
> I wasn't able to repeat this. I tested it with same 1000 hashes, it cracked
> all of them. Than I tried again with new 1000 hashes and 3000 passwords
> (actually random generated strings), cracked all. And with password.lst and
> pw.-fake-unix, cracked 3059 as it was supposed to. Speed was 1205 c/s.
> Should I try something else?

I think that at this time we should clean up your code and get it merged
into the main core or jumbo tree.  Can you make whatever cleanups you
think need to be done?  Then I'll take another look and either identify
further cleanups for you to make or maybe I will make those myself.

And yes, I took a look at your currently committed code and did notice
that you've corrected the indentation in the .S file.  Thank you!

As to the reliability issue, maybe you should implement a test program
which will use the same Epiphany code and similar host code, but where
each and every bcrypt computation will have its result checked for
correctness - then run that for a while.  In fact, even calling
fmt_self_test() in a loop might do the trick, but you need to build with
-DDEBUG or remove this piece from formats.c:

/*
 * Test each format just once unless we're debugging.
 */
#ifndef DEBUG
	if (format->private.initialized == 2)
		return NULL;
#endif

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ