Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 04 Apr 2006 20:57:46 +0200
From: "Frank Dittrich" <frank_dittrich@...mail.com>
To: john-users@...ts.openwall.com
Subject: RE: JTR and Speed

websiteaccess wrote:
>when I try to crack only 1 encrypted password (test:ff1h8jxYkeeEY), I
>use my own wordlist , I have 507827 C/s (see below)
>-------------------------------------------------
>Loaded 1 password hash (Traditional DES [128/128 BS AltiVec])
>guesses: 0  time: 0:00:00:10 5%  c/s: 507827  trying: wi46 - wins46
>John25           (test)
>guesses: 1  time: 0:00:00:16 100%  c/s: 503350  trying: Jklmno25 -
>Joonas25
>
>
>  When I try to crack 527 encrpyted (same wordlist used), I use my own
>wordlist,  I have 5350K (5,350,000) c/s ! (see below)
>-------------------------------------------------
>Loaded 527 password hashes with 90 different salts (Traditional DES
>[128/128 BS AltiVec])
>guesses: 0  time: 0:00:00:02 0%  c/s: 5350K  trying: jetski - jism
>
>
>Could you tell why that difference between 507827 and 5,350,000 c/s ?

That's because it's much more run time consuming
to compute a hash, than it is to compare the computed hash
with a given hash.

John reports the number of password candidates tried,
multiplied by the number of (uncracked) entries in the password file.

So, if you have on average N password hashes per salt
(for DES, the salt is equal to the first 2 characters of the hash),
the cracking speed increases roughly by a factor of N.

Frank


Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ