Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 25 Jul 2009 19:45:51 +0400
From: Solar Designer <>
Subject: Re: Average c/s numbers

Others have already provided helpful replies (thanks!), yet I think I
have something to add.

On Thu, Jul 23, 2009 at 07:54:46AM -0400, ISSCP Security wrote:
> Can someone tell me what are average c/s numbers?

This question is poorly worded, so I'll ignore it. ;-)

> Also is there a way to calculate what the c/s numbers "should" be for a specific PC config?

For those you obtain with "john --test" (a benchmark), please refer to
the wiki page:

> Lastly is there a way to increase the c/s numbers?

Yes, there are many ways, including:

- use the most optimal make target for your system;

- load a larger number of password hashes for cracking at once (you can
load multiple files at once);

- consider using the --salts=... option in order to take advantage of
possible anomalies in the distribution of salts across your hashes;

- on a multi-core system, run multiple instances of JtR at once, making
them try different candidate password sets or/and attack different sets
of salts;

- if you're currently building JtR for 32-bit x86, move to x86-64 (CPU,
OS, build of JtR) for a slight speedup (typically 10% to 50% for the
same CPU, depending primarily on hash type);

- use a newer version of gcc (or your CPU, machine, or OS vendor's
native C compiler), which might or might not result in a speedup;

- tweak the C compiler optimization options, which might or might not
result in a speedup;

- tweak the code - on your own or/and by using a user-contributed patch;

- upgrade your CPU (the rest of the hardware does not matter much).

> right now I'm seeing +/- 2924 on a Intel Celeron CPU 2.00 GHz  good or bad ?

You have provided insufficient information for a "good or bad" type of
response.  "Intel Celeron CPU 2.00 GHz" (which is not a precise CPU
spec, but that's another matter) can't possibly be very fast, though,
and I am guessing that you're getting that c/s rate for a FreeBSD-style
MD5-based hash, which is "a bit slow" even for a CPU "like that".

In general, with questions like this what matters most is the hash type
and whether you're getting a given c/s rate on a --test benchmark (then
it can be directly compared against results for other CPUs) or when
cracking a specific password file (then the "effective" c/s rate is
being reported, which depends on the hashes to salts ratio, as well as
on a few other things).

I could be more specific about this, but for that you need to be more
specific first. ;-)

I hope this helps - not so much to improve your c/s rate directly, but
mostly to improve your understanding of the matter.


To unsubscribe, e-mail and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.