Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 03 Apr 2008 18:15:15 +0200
From: Markus Friedel <>
Subject: Re: John + Boinc

Thanks for your answer.
Some more details of my project:

i have about 80 AMD Dual-Core Opteron 180 / 2.4 GHz with each 4 gig RAM
also i have 400 Passwords form LDAP.
My first thought was to deploy one passwd to each PC and let work them 
for some hours.
The seconde thought was to deploy the same passwd to all PCs and split 
the range of the wordlist they have to use.
So i don't know if it is the right approach to use my ressources to get 
some of the passwords cracked.
The purpose of this project is to find weak passwords and shows it to me 
which are the ones.


RB schrieb:
>> I need something like a wrapper around john. So that i can control
>> john via Boinc.
> Presumably so you can parallelize the process; interest in this goes
> in spurts, so it must be that time again.  Short answer: nothing
> particular to Boinc exists that I am aware of.
> In greater detail: depending on what you want to do there are several
> approaches to this each with varying success, but none that really
> address it properly.  The crux of the matter is that parallelizing a
> workload like JtR intelligently is not a small problem, mostly due to
> the intelligent candidate password ordering it does.  Additionally,
> the heavy use of assembly makes non-local (networked) parallelism much
> harder.  Those two features (ordering & really fast ASM) are, in my
> opinion, what set JtR apart from the rest of the crowd of password
> crackers and makes it a professional tool, not a kiddie script.
> Probably the most successful parallelization attempt is John
> Anderson's maintenance of Ryan Lim's MPI patchset
> (, as it does a decent job of
> spreading the workload across multiple nodes.  Unfortunately its
> utility is reduced since it only really works for brute-force
> (--incremental) mode.  Even so, with enough participating processors
> and a fast enough backbone thrown at it, an MPI cluster can overcome
> the lack of elegance with pure force and make a reasonably quick pass
> at specific problem sets.
> Other approaches try to split the keyspace (usually using some
> --external module) among cluster participants, but are hugely
> inefficient due to uneven key distribution.  You could probably script
> something quick-and-dirty with bash for Boinc in this manner, but keep
> in mind that it's likely not going to give you the speed or
> scalability you're looking for.
> I should work up a thesis or an RFC on an algorithm for predicting
> when questions will be repeated on a given ML. ;)

To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.