Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Apr 2012 16:51:40 -0500
From: "jfoug" <>
To: <>
Subject: RE: PDF format

Almost all of the speed problems, within the salt system, are calling crack
to test for 'something', when you do not have a password.  IF (and that's a
big if), this code really does need to be done, then we should ONLY do this
at load time, and not every time we reload a salt.

if (encdata->revision == 2) {
	if (knownPassword) {
		if (!isUserPasswordRev2())
			return false;
		memcpy(encKeyWorkSpace, pad, 32);
	} else {
		memcpy(password_user, pad, 32);
**		//knownPassword = isUserPasswordRev2();
++		knownPassword = true;
} else if (e->revision >= 3) {
	memcpy(buf, pad, 32);
	memcpy(buf + 32, e->fileID, e->fileIDLen);
	tmp = malloc(sizeof(uint8_t) * 16);
	md5(buf, 32 + e->fileIDLen, tmp);
	rev3TestKey = tmp;
	if (knownPassword) {
		if (!isUserPasswordRev3())
			return false;
		memcpy(encKeyWorkSpace, pad, 32);
	} else {
		memcpy(password_user, pad, 32);
**		//knownPassword = isUserPasswordRev3();
++		knownPassword = true;

I show where I simply comment things out ( the ** lines ), and where I added
new lines ( the ++ lines ).  I am not sure the ++ is correct or not.  By
making only these changes (and those functions are the workhorses called
within the crypt_all function), then multi-salt runs at 95% the speed of 1
salt (vs about 45% in the current build).  


>-----Original Message-----
>From: Dhiru Kholia []
>Sent: Thursday, April 12, 2012 10:17 AM
>Subject: Re: [john-dev] PDF format
>On Sun, Mar 25, 2012 at 6:47 PM,  <> wrote:
>> The logic in get_salt() and set_salt() should be reversed.
>> Within pdf (and a few other formats), a lot of time is spent within
>the set_salt function, parsing, allocating, setting up a complex
>structure.   This type of work should NOT be done within the runtime
>loop.  If done in set_key(), then it is in the runtime loop, and each
>salt computation will be done for EACH salt for EACH password (block of
>pw's) attempted.  This time spent in set_salt() will GREATLY slow down
>the format.
>> If this same logic is moved to get_salt(), then it will be done ONE
>time, for each salt, at the load time of john.  There will be no runtime
>penalty for a 'complex' salt.
>This is now done and committed to magnum-jumbo. However "many salts"
>case is still slower than "one salt" case. Is this due to initPDFCrack
>function being called from set_salt?

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.