Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 13 Oct 2005 08:10:02 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Using Hardwareaccelerators to speed up John

Sebastian,

I'll add a few more comments to my response, please see inline:

On Thu, Oct 13, 2005 at 06:33:49AM +0400, Solar Designer wrote:
> The current implementation of the MD5-based crypt(3) in John (that does
> not yet use MMX/SSE/AltiVec and the like, -- great speedups are possible
> here!) achieves 5k c/s on a typical Pentium 4 processor (and up to 10k
> c/s on the fastest ones available).  The 5k c/s correspond to 5 million
> invocations of the MD5 compression function a second, plus a lot of
> "high level" overhead.  The compression function takes a 64-byte data
> block and a 16-byte vector as its input, and produces another 16-byte
> vector as its output.  That's 96 bytes of data to transfer per
> invocation.  (In practice, it is likely that a crypto card would not
> offer the compression function on its own, resulting in more overhead.)
> Ignoring any protocol overhead, that would amount to 480 Mbytes/second
> of data transfer to/from the card.  That's almost 4 times the PCI
> bandwidth.  Of course, faster buses do exist, but didn't we want an
> economical solution and also one allowing to use multiple cards in a
> system (with all sharing the same bus)?

FWIW, the particular crypto card you've been referring to:

http://www.soekris.com/vpn1461.htm

can only do 720 Mbps at MD5.  This barely fits in regular PCI, but it is
several times slower than what John currently achieves on typical CPUs:

5000 c/s * 1000 * 64 * 8 / 10**6 = 2.5 Gbps at MD5
 
> > Offen you'll find just some realy lame Chips on VPN-Hardware but if you
> > don#t buy such a Cisco-Junk solution you could also get such a device here
> > (not sold yet):
> > 
> > http://www.soekris.com/vpn1461.htm
> > 
> > This card could, depends to the algorithm, do e.g. up to 920Mbps of DES.

Having reviewed this URL, I think that the 920 Mbps might correspond to
RC4 and not DES, although I do not rule out the possibility that it
actually refers to both of them.

> Now this is not that bad, however, John already achieves better than
> that on modern CPUs.  In particular, it achieves 1M c/s for traditional
> crypt(3) on PPC G5 1.8 GHz or P4 3.6 GHz (the latter with non-public SSE
> code, I must admit).  This roughly corresponds to 1.6 Gbps at DES.
> PPC G5 2.7 GHz does over 1.6M c/s, which roughly corresponds to 2.5 Gbps
> at DES.
> 
> More importantly, please see above for why this rate likely does not
> apply to password cracking.

Please don't get me wrong, -- these cards are very good for their
intended purpose.  Their performance is in fact very impressive for
their low power consumption.

They're just not good at password cracking.

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ