Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sun, 17 Jun 2012 14:23:06 +0200
From: Tavis Ormandy <taviso@...xchg8b.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: [patch] optional new raw sha1 implemetation

Hey magnum, I implemented one of Simon's suggestions, as well as your
fixes, and some other minor performance adjustments like an XMM bswap
and using a lookup table instead of a branch in set_key().

Simon suggested requesting more than 4 passwords at a time, then
buffering them to reduce the overhead of multiple function calls. That sounds
like a nice easy performance win, and from testing around 128 seems to be the
right number to request on my machine (i tried powers of two up to 8192, and
256 wins).

Current HEAD:

$ time ../run/john --format=rawsha1_sse4 passwords 
Loaded 1 password hash (Raw SHA-1 [taviso sse4])
madmda16         (?)
guesses: 1  time: 0:00:01:30 DONE (Sun Jun 17 13:41:17 2012)  c/s: 9429K  trying: madmda11 - madmda16
Use the "--show" option to display all of the cracked passwords reliably

real    1m30.985s
user    1m30.596s
sys     0m0.064s

With Simon's idea @256:

$ rm ../run/john.pot; time ../run/john --format=rawsha1_sse4 passwords 
Loaded 1 password hash (Raw SHA-1 [taviso sse4])
madmda16         (?)
guesses: 1  time: 0:00:01:19 DONE (Sun Jun 17 13:56:51 2012)  c/s: 10843K  trying: madmduft - madmdr93
Use the "--show" option to display all of the cracked passwords reliably

real    1m19.122s
user    1m18.554s
sys     0m0.091s

Not bad!

I've also written an alternative to the SSE4 compare, it's slower on my
machine, but not by much, so you can use it even if you don't have SSE4.

I'll try to send you a pull request, but I've never used github before,
so please forgive me if I get it wrong.

Tavis.

On Sun, Jun 17, 2012 at 11:06:26AM +0200, magnum wrote:
> Blimey, you are correct. How long has it been this way?? I'll fix them.
> 
> magnum
> 
> 
> On 2012-06-17 03:56, jfoug wrote:
> >Dyna 12 is NOT correct.  Any raw-sha1 format doing that is wrong.  It should
> >be dyna_26
> >
> >>
> >>I now replaced it with strrchr() as it's working on a string anyway. I
> >>also added the $dynamic_12$ tag other raw SHA1 formats use. And the
> >>format announced FMT_SPLIT_UNIFIES_CASE which was not correct until now.
> >>
> >>magnum
> >
> >
> 

-- 
-------------------------------------
taviso@...xchg8b.com | pgp encrypted mail preferred
-------------------------------------------------------

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.