Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Thu, 16 Dec 2010 00:44:51 +0300
From: Solar Designer <solar@...nwall.com>
To: Jon Oberheide <jon@...rheide.org>
Cc: john-users@...ts.openwall.com
Subject: Re: JtR/OpenMP against Gawker passwords

Jon,

On Wed, Dec 15, 2010 at 04:16:03PM -0500, Jon Oberheide wrote:
> Many of the initial results were from some large wordlists and mangling
> rules.

BTW, you could want to see:

http://www.openwall.com/lists/john-users/2010/12/15/3

Maybe you did not try the custom .chr file "trick" (a .chr file based on
your already cracked passwords)?

> I know others have been using the OpenMP patches on the Gawker
> set as well.  I'll try to convince my buddy to provide some JtR OpenMP
> benchmarks on his 64-way box.

Please do!  In fact, it'd be great for him to add an entry here:

http://openwall.info/wiki/john/benchmarks

> > Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
> > Many salts: 20465K c/s real, 2562K c/s virtual
> > Only one salt: 16003K c/s real, 1999K c/s virtual
> 
> For reference, the benchmarked machine was a x86_64 Gentoo box with gcc
> 4.5.1.

Thanks!  You could add that info to the wiki page above, too.  I did
benchmark a very similar machine, but it was under some unrelated load
at the time.

> > Apparently, this was with 1.7.6-omp-des-7.  The slightly older
> > 1.7.6-omp-des-4 patch, also available on the wiki, would do slightly
> > better at "many salts" (relevant for the run against Gawker hashes), but
> > a lot worse at "only one salt" (irrelevant in this case).
> 
> Ah, nice, I didn't realize -4 was more effective on many-salts.

I've just added a clarification to the wiki.

> I could run the benchmarks with that patch if that would be desirable.

That's up to you.

> > It's also curious how the Gawker hashes have only 3844 different salts.
> > Normally, for this number of hashes all possible salts would be present -
> > that is, there would be exactly 4096 different salts.  This suggests a
> > poor random number generator, which in turn suggests that of the 3844
> > salts some likely correspond to a lot more hashes than some others.  Thus,
> > a more efficient attack could be mounted on a large subset of the hashes
> > (but a much smaller subset of the salts) by using the "--salts" option.
> 
> I found that very curious as well. I haven't dug into the Gawker's
> leaked source code to see what they're were actually using for a
> PRNG/crypt.

That would be curious to know, but you don't have to.  You can just use
"--salts" (adjust its parameter) to get more passwords cracked sooner.

> > What did you mean by this Twitter comment, though - "Bad JtR, why did
> > you forget to load up a third of the hashes? Grrrr..."?  Is this some
> > kind of usability issue for me to address?
> 
> That was my fault not realizing I had resumed an previous run. I suppose
> the status text could be more verbose in terms of session resuming, but
> that was a human error! :-P

Yeah, "verbose mode" is on my to-do list for JtR.  There are many things
it could warn/remind about.

Thanks,

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ