Date: Fri, 9 Aug 2013 17:41:41 +0400 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Parallella: bcrypt Katja, On Mon, Aug 05, 2013 at 12:51:22PM +0200, Katja Malvoni wrote: > Yesterday Lukas suggested running john 20 times in a loop with 20 different > sets of hashes and words. I used 1000 hashes and 3000 candidate passwords. > This is the result: > > 1000 password hashes cracked, 0 left > 1000 password hashes cracked, 0 left > 999 password hashes cracked, 1 left > 999 password hashes cracked, 1 left > 1000 password hashes cracked, 0 left [...] > 1000 password hashes cracked, 0 left > 999 password hashes cracked, 1 left I think it'll be easier for you to debug this if you create a program that will verify each and every computed bcrypt hash. (As discussed before, this is not what happens when we're cracking passwords. Although we do use every bcrypt computation results, most failures can go undetected.) With a 100%-verifying program, you should be able to trigger the issue much more quickly and more reliably, so you'd be able to test different theories as to its cause quicker too. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.