Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 9 Aug 2013 17:41:41 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

Katja,

On Mon, Aug 05, 2013 at 12:51:22PM +0200, Katja Malvoni wrote:
> Yesterday Lukas suggested running john 20 times in a loop with 20 different
> sets of hashes and words. I used 1000 hashes and 3000 candidate passwords.
> This is the result:
> 
> 1000 password hashes cracked, 0 left
> 1000 password hashes cracked, 0 left
> 999 password hashes cracked, 1 left
> 999 password hashes cracked, 1 left
> 1000 password hashes cracked, 0 left
[...]
> 1000 password hashes cracked, 0 left
> 999 password hashes cracked, 1 left

I think it'll be easier for you to debug this if you create a program
that will verify each and every computed bcrypt hash.  (As discussed
before, this is not what happens when we're cracking passwords.
Although we do use every bcrypt computation results, most failures can
go undetected.)

With a 100%-verifying program, you should be able to trigger the issue
much more quickly and more reliably, so you'd be able to test different
theories as to its cause quicker too.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.