Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Aug 2007 00:29:38 +0200
From: Dirk Wetter <>
Subject: Re: incremental mode, estimation of computing time

On 01.08.2007 23:08, Russell Fulton wrote:

>> is there any formula for a given hash, given length of the password,
>> computation power [c/s] (and may be other parameters) concerning the
>> computation time?
> My understanding is that there isn't.   The whole point of the hash is
> that it should not leak any information about the original password. 

Yes, but in my understanding JtR does not try to revert the hash function
but does a trial and error with "guessed" pws. This is a finite number
assuming length and characters are known or configured in john.conf .

My first assumption was worst case, means JtR tries every possibility
and the last one is it.

> then all you could do would be to give an
> upper bound since JtR's incremental mode is not a straight a,..z,
> ab,   type operation.  

Yes, that's more or less what I had in mind. Worst case in which time a
password is achieved. Average, or any kind of probability functions
are IMHO understanding of statistics only different mathematical functions
of worst case. But maybe that depends also on the algorithm.

It would help in general to estimate what hardware is needed. Or
if the other way round if you restricted to what you have you
could estimate whether it makes sense to start this JtR run at all.


Dirk Wetter @ Dr. Wetter IT-Consulting
Beratung IT-Sicherheit + Open Source
Key fingerprint = 2AD6 BE0F 9863 C82D 21B3  64E5 C967 34D8 11B7 C62F

Found core file older than 7 days: /usr/share/man/man5/core.5.gz

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.