Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Oct 2016 17:13:51 +0000 (UTC)
From:  <apingis@...nwall.net>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: Re: USB-FPGA development

Hi,

descrypt-ztex format is ready. I've created pull request at bleeding-jumbo: 
https://github.com/magnumripper/JohnTheRipper/pull/2307

Running test on 3 boards for the 2nd day.

It works however there are still issues.
1. Mask implementation details. 
1.1. In mask mode, it has to reconstruct a plaintext candidate out of template key and mask data. For that, it creates an array 'mask_int_cand.int_cand' - 4 bytes for every possible candidate. Then formats use the array for lookups.
The problem is that the array uses too much resources - with mask "?w?a?a?a?a" it uses 310 MBytes of RAM and ~2 sec. of CPU time for initialization. I was unable to check with mask such as "?w?b?b?b?b" because ?b doesn't seem to work correctly with 7-bit format, but I can calculate it would use up to 4 Gbytes of RAM and would cause substantial delay on program startup.
descrypt-ztex format uses divisions to reconstruct plaintext candidates, doesn't use 'mask_int_cand.int_cand' array. With on-device comparator that filters out overwhelming majority of computation results, reconstruction of plaintext candidates becomes rarily used function (called several times per second). Also I can't exclude cases where Ztex devices are connected to cost-optimized host system, in such cases host system might have no enough RAM.
So it would be great to skip allocation and initialization of 'mask_int_cand.int_cand' array if format doesn't use that.

2. Self-test.
2.1. For test array, I've generated several hashes with same salt and partial binaries. That is, on-device comparator is loaded with first 35 bits of hashes and they are the same, resulting in false positives. That cause self-test to fail. If that hashes are used for creation of password file then it works as expected, false positives successfully ruled out with cmp_exact() including the case where several false positives occur in one crypt_all() call.
2.2. "Warning: salt() returned misaligned pointer" self-test message. Format has 2-byte salt and I've set salt alignment to 2 bytes - is that correct or I should set salt_align to ARCH_WORD? Salt on host system is rarily accessed.
2.3. I've implemented a warning when mask is too short and that results in performance degradation because USB 2.0 link has no enough bandwith. The warning appears during self-test and it looks confusing. How can format know when self-test is running, to suppress the warning? Is it planned to add usage of mask in self-test?

3. FMT_REMOVE. How does format know when some binary was removed? If that's possible I'd prefer to keep comparator configuration until it actually changes - skipping unnecessary transfers to device would improve performance in case where only one salt is being audited. So far FMT_REMOVE is not implemented.


Denis

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ