Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Oct 2005 08:10:02 +0400
From: Solar Designer <>
Subject: Re: Using Hardwareaccelerators to speed up John


I'll add a few more comments to my response, please see inline:

On Thu, Oct 13, 2005 at 06:33:49AM +0400, Solar Designer wrote:
> The current implementation of the MD5-based crypt(3) in John (that does
> not yet use MMX/SSE/AltiVec and the like, -- great speedups are possible
> here!) achieves 5k c/s on a typical Pentium 4 processor (and up to 10k
> c/s on the fastest ones available).  The 5k c/s correspond to 5 million
> invocations of the MD5 compression function a second, plus a lot of
> "high level" overhead.  The compression function takes a 64-byte data
> block and a 16-byte vector as its input, and produces another 16-byte
> vector as its output.  That's 96 bytes of data to transfer per
> invocation.  (In practice, it is likely that a crypto card would not
> offer the compression function on its own, resulting in more overhead.)
> Ignoring any protocol overhead, that would amount to 480 Mbytes/second
> of data transfer to/from the card.  That's almost 4 times the PCI
> bandwidth.  Of course, faster buses do exist, but didn't we want an
> economical solution and also one allowing to use multiple cards in a
> system (with all sharing the same bus)?

FWIW, the particular crypto card you've been referring to:

can only do 720 Mbps at MD5.  This barely fits in regular PCI, but it is
several times slower than what John currently achieves on typical CPUs:

5000 c/s * 1000 * 64 * 8 / 10**6 = 2.5 Gbps at MD5
> > Offen you'll find just some realy lame Chips on VPN-Hardware but if you
> > don#t buy such a Cisco-Junk solution you could also get such a device here
> > (not sold yet):
> > 
> >
> > 
> > This card could, depends to the algorithm, do e.g. up to 920Mbps of DES.

Having reviewed this URL, I think that the 920 Mbps might correspond to
RC4 and not DES, although I do not rule out the possibility that it
actually refers to both of them.

> Now this is not that bad, however, John already achieves better than
> that on modern CPUs.  In particular, it achieves 1M c/s for traditional
> crypt(3) on PPC G5 1.8 GHz or P4 3.6 GHz (the latter with non-public SSE
> code, I must admit).  This roughly corresponds to 1.6 Gbps at DES.
> PPC G5 2.7 GHz does over 1.6M c/s, which roughly corresponds to 2.5 Gbps
> at DES.
> More importantly, please see above for why this rate likely does not
> apply to password cracking.

Please don't get me wrong, -- these cards are very good for their
intended purpose.  Their performance is in fact very impressive for
their low power consumption.

They're just not good at password cracking.

Alexander Peslyak <solar at>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598 - bringing security into open computing environments

Was I helpful?  Please give your feedback here:

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ