Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 07 Mar 2010 02:25:18 +0100
From: "Magnum, P.I." <>
Subject: Re: Feedback on the generic crypt(3) patch

Magnum, P.I. skrev:
>> It also adds some dupe-salt checking code that seemed to be missing, 
>> in the unlikely case there are duplicates.
> Hm, some tests reveal that it still doesn't recognize duplicate salts. 
> It probably doesn't make much sense anyway as the system call won't take 
> benefit from duplicate salts. Still, I'd like the output of "Loaded x 
> password hashes with y different salts" to come out right. What did I miss?

Sorry again for the spamming, I really thought I got it right but I got 
the lengths wrong despite what I thought were valid double-checks. I 
enclose a fixed fix of the fix. Like before, this patch can be applied 
after Solar's "john-"

Another strange thing though. I made up a password file of 1000 entries 
using the same salt. SHA-256 performs at ~275000 c/s and SHA-512 at 
119000 c/s. The benchmarks report figures (for "same salt" too) in order 
of 1/1000 of that. When I test the same using different salts, it 
performs at about the speed as reported by the benchmark. This tells me 
there is actually a benefit of duplicate salts which is a surprise in 
itself, and why isn't the benchmark reflecting this?

View attachment "crypt-benchmark.diff" of type "text/x-patch" (2693 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.