Date: Wed, 28 Jun 2006 06:43:59 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: faster scan for blowfish on OpenBSD 3.9 On Sun, Jun 25, 2006 at 10:30:46PM -0500, Randy B wrote: > >and it is processed with a strong password hashing method. > > *really* strong. When I get presented a blowfish-encrypted password, Not "Blowfish-encrypted", but rather "bcrypt-hashed" or "hashed with the OpenBSD-style Blowfish-based method". This hashing method is _very_ different from Blowfish encryption, although it is based on Blowfish. Blowfish is a fast block cipher. It is faster than DES. bcrypt, on the other hand, is a slow and variable-cost password hashing method built on top of Blowfish. > I start getting all shifty-eyed and try to find something else to do. > There's really no good way to go about them, other than having a > really good dictionary+ruleset and a reasonably poor password. Actually, if strong passwords were not enforced on the target system, chances are that you can get some percentage of passwords cracked despite the use of bcrypt. I did crack about 10% of bcrypt-hashed passwords on a CommuniGate Pro mail server (which lacks password policy enforcement capabilities) on one CPU in a couple of days. > Pretty much, if I can't get even a DES password in 48 hours I give up > - there are far easier and quicker ways to compromise a password. It depends. > Blowfish I'll usually quit after the first two passes - I think that with extra-slow hashes like this, it makes sense to avoid huge non-focused wordlists, but instead to let John run for a while in "incremental" mode after having done with "single crack" and smaller wordlists (with rules). > it's [comparatively] so slow and those BSD-ers typically choose really > nasty passwords. Yes. But bcrypt is starting to be used on non-BSDs as well: http://www.openwall.com/crypt/ > Your biggest chokepoint is the Blowfish algorithm itself - > on an Athlon XP 1800 running 220.127.116.11, the Blowfish > calculations are nearly 2000 times slower than DES. Here, you're comparing bcrypt against the traditional DES-based crypt(3). Both are very different from Blowfish and DES, respectively. Also, bcrypt is variable-cost, meaning that another bcrypt hash (produced with different settings) may be even slower to compute (or a little faster). "john --test" currently benchmarks bcrypt at 32 iterations, which was the default on OpenBSD for a short period of time when bcrypt was just introduced. The default has since been increased, and other systems may use different defaults (Openwall GNU/*/Linux currently uses 256) - or be configured differently, indeed. -- Alexander Peslyak <solar at openwall.com> GPG key ID: B35D3598 fp: 6429 0D7E F130 C13E C929 6447 73C3 A290 B35D 3598 http://www.openwall.com - bringing security into open computing environments Was I helpful? Please give your feedback here: http://rate.affero.net/solar -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ