Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 May 2006 14:39:02 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Parallalizing John the Ripper

On Sat, May 27, 2006 at 11:36:41AM +0200, Otheus (aka Timothy J. Shelling) wrote:
> On 5/26/06, Solar Designer <solar@...nwall.com> wrote:
> >Please refer to this john-users posting:
> >
> >http://article.gmane.org/gmane.comp.security.openwall.john.user/759
> >
> >and, more importantly, to two other postings referred from this one.  In
> >particular, there's a link to an existing John/MPI hack.
> 
> I looked at his hack. First, it needs some updating to run on my AMD 64s.

FWIW, older versions of John would compile for x86-64 just fine, too -
you just have to use "make generic" with those.  Yes, they would be slower.

> I'm not sure what kind of updating, but going from 1.6.36 to .1.7.x will
> require work one way or the other.  So I decided to look at the diffs in
> Ryan's MPI patch.
> 
> It's clear that he splits the keyspace, but I'm not exactly sure how. I
> think it's in inc.c between lines 471 and 483.  He modifies "ptr" with an
> arbitrary multiplier ("3") times the number of MPI tasks. Anyone care to
> share insight?

Yes, he is splitting the "incremental mode" keyspace.  The multiplier is
not arbitrary.  Rather, it's 3 because each "cracking order" entry
contains three parameters (see the comment in charset.h).  So it's just
to set ptr to the beginning of an entry.

> That's basically what the patch does, though it also individuates all the
> files -- the .rec file, the .pot file, etc.
> 
> It seems to me that modifying the .pot file is not necessary, and modifying
> the .rec file is only used for recovery.

That's correct.  He did not have to make the tasks use separate .chr and
.pot files - shared files would work just fine.

> I am thinking about re-doing his patch so that only the root task does any
> of the file IO. The other tasks talk back to the root task when they find a
> match. Recovery would happen about the same way. Finally, an --extend
> filter() function could be used to divide the keyspace differently than a
> default method.

That's up to you. :-)

To provide some context, in recent private e-mails to Otheus I wrote:

... basically MPI and other generic parallel processing libraries are
inappropriate for practical uses of John, in my opinion.  But you can
feel free to experiment with that for fun anyway. :-)

The performance can be fine, but reliability, security, and usability
won't be.

P.S. I just found two other John/MPI hacks, besides Ryan Lim's, on my
hard drive - for a total of three.  One of those is from 2001, the other
is from 2004 and in fact includes a reference to Ryan Lim's work - but
it's different.  Yours is going to be at least the fourth...

-- 
Alexander Peslyak <solar at openwall.com>
GPG key ID: B35D3598  fp: 6429 0D7E F130 C13E C929  6447 73C3 A290 B35D 3598
http://www.openwall.com - bringing security into open computing environments

Was I helpful?  Please give your feedback here: http://rate.affero.net/solar

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ