Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 21 Sep 2015 15:36:00 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Judy array

Fred -

On Sun, Sep 20, 2015 at 07:05:06AM -0700, Fred Wang wrote:
> ./john --format=raw-md5 --wordlist=/big/words/10m.pass --rules=best64 --pot=foo.pot 29m.txt
> wc -l foo.pot 
> 1793671
> 
> ./john --format=raw-md5 --pot=foo.pot --show 29m.txt >29m.res
> tail -2 29m.res
> 1707727 password hashes cracked, 27304531 left

1707727 is what I am getting with the best64 ruleset that magnum
committed.  1709703 is what I am getting with a revision of "your"
best64 ruleset with only JtR-incompatible lines commented out.

In other words, it looks like the weird rule "o0t o0b" is producing more
cracks than magnum's "f".  Maybe we should (re-)introduce o0b (since the
o0t portion is redundant) between "o0m o1a" and "so0", and drop "f".
I've just tried that, and got 1709703 as expected.

As to the 1793671 vs. 1707727 discrepancy seen above, I think it's part
of how the bug I fixed today manifested itself.  This patch fixes it:

http://www.openwall.com/lists/john-dev/2015/09/21/1

With this patch, running without --fork produces no duplicate lines in
john.pot (again).  With --fork, duplicates in john.pot are still
expected (which is why the bug went unnoticed initially).

You may try that patch.  Please be sure to re-enable CRK_PREFETCH if you
apply the patch on top of magnum's latest commits, which included
temporary disabling of CRK_PREFETCH in params.h.  (Otherwise you'd still
be expected to receive correct results, but won't test the prefetch code.)

So I think we've figured out the above.  What we haven't figured out yet
is why you were getting 1710650 cracks with MDXfind, but I was getting
only 1709703 with JtR.  Maybe it's also a matter of slightly different
rules, or it could be something else.  Could you please post somewhere
(like that sendspace) that list of cracks and its corresponding rules,
if it's still different from what you're getting with JtR for the same
rules?

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ