Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Sep 2011 11:18:37 +0400
From: Solar Designer <>
Subject: Re: Question over validity of concept in JtR's benchmarking code.

Jim -

On Thu, Sep 08, 2011 at 04:27:58PM -0500, jfoug wrote:
> Is sending correct passwords to the benchmark functions a 'valid' way to
> benchmark?    In real testing, we assume that a correct password, is a VERY
> rare event. There may be billions, or 100's of billions of passwords tested,
> before a correct password is found (if ever).
> Would it not make more sense, to provide incorrect passwords when
> benchmarking the format?

You're right.  It just did not affect benchmark results for hash types
supported in the main/conservative JtR tree.  In -jumbo and other
patches, we probably now have formats where this makes a difference, so
it may be time to make the benchmarking more real-world'ish.  (I haven't
considered your specific proposed changes yet.)

I also would like to have benchmarking continue to test the functions
for correct operation.  Right now, those extra seconds are wasted in
terms of testing.  We're only using them to get the performance numbers.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.