Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 29 Jul 2012 12:36:58 -0500
From: Jeffrey Goldberg <>
To: "" <>
Subject: Agilekeychain c/s oddly not dependent on PBKDFD2 iterations

I've been trying to benchmark format agilekeychain-opencl and have found that when I run it against data with 1000 PBKDF2 iterations and one with 28000 PBKDF2 iterations I get about 4400 c/s in both cases.

Am I misreading the c/s report?

% ./john -fo:agilekeychain-opencl jeffs-agilekeychain-28k-for-john.txt
OpenCL platform 0: Apple, 2 device(s).
Using device 0: Intel(R) Xeon(R) CPU           W3520  @ 2.67GHz
Compilation log: <program source>:304:16: warning: comparison of integers of different signs: 'int' and 'unsigned int'
        for (i = 0; i < keylen; i++)
                    ~ ^ ~~~~~~

Loaded 1 password hash (1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [OpenCL])
guesses: 0  time: 0:00:30:46 0.00% (3)  c/s: 4416  trying: twerin! - twojoha
Session aborted

And here is the first portion of jeffs-agilekeychain-28k-for-john.txt


(This is from my real 1Password data, so I think you will understand why I'm not going to post the whole thing.)

Anyway, I get a similar result (about 4300 c/s) when I run this against data that has just 1000 PBKDF2 iterations.

It is very possible that I am misunderstanding the c/s that gets reported, but if not something is wrong here. I've looked at agilekeychain_fmt_plug.c and it appears to be setting the custom salt, cs.iternations, correctly. But I am wondering if that isn't getting used properly.

I will do some more testing with sample 1Password data with a findable master password.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.