Date: Wed, 15 Dec 2010 16:16:03 -0500 From: Jon Oberheide <jon@...rheide.org> To: Solar Designer <solar@...nwall.com> Cc: john-users@...ts.openwall.com Subject: Re: JtR/OpenMP against Gawker passwords Solar, On Wed, 2010-12-15 at 23:52 +0300, Solar Designer wrote: > Hi, > > Here's a curious blog post by Jon Oberheide: > > http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump > > People are actually starting to make use of the OpenMP support/patches > in/for recent versions of John the Ripper. That's nice. In this case, > Jon ran JtR on an 8-core Xeon X5460 machine (two CPU chips) doing over > 20M c/s at the "many salts" test. 399380 out of 748039 password hashes > got cracked. Many of the initial results were from some large wordlists and mangling rules. I know others have been using the OpenMP patches on the Gawker set as well. I'll try to convince my buddy to provide some JtR OpenMP benchmarks on his 64-way box. > Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE > Many salts: 20465K c/s real, 2562K c/s virtual > Only one salt: 16003K c/s real, 1999K c/s virtual For reference, the benchmarked machine was a x86_64 Gentoo box with gcc 4.5.1. > Apparently, this was with 1.7.6-omp-des-7. The slightly older > 1.7.6-omp-des-4 patch, also available on the wiki, would do slightly > better at "many salts" (relevant for the run against Gawker hashes), but > a lot worse at "only one salt" (irrelevant in this case). Ah, nice, I didn't realize -4 was more effective on many-salts. I could run the benchmarks with that patch if that would be desirable. > It's also curious how the Gawker hashes have only 3844 different salts. > Normally, for this number of hashes all possible salts would be present - > that is, there would be exactly 4096 different salts. This suggests a > poor random number generator, which in turn suggests that of the 3844 > salts some likely correspond to a lot more hashes than some others. Thus, > a more efficient attack could be mounted on a large subset of the hashes > (but a much smaller subset of the salts) by using the "--salts" option. I found that very curious as well. I haven't dug into the Gawker's leaked source code to see what they're were actually using for a PRNG/crypt. > Jon - thank you for performing this analysis and making the blog post! > This might be the first blogged actual use of the OpenMP patch, so this > helps to make more people aware of the functionality. No problem, thanks for posting. I'd be happy to answer any questions about the experimental setup if anyone's interested. > What did you mean by this Twitter comment, though - "Bad JtR, why did > you forget to load up a third of the hashes? Grrrr..."? Is this some > kind of usability issue for me to address? That was my fault not realizing I had resumed an previous run. I suppose the status text could be more verbose in terms of session resuming, but that was a human error! :-P Regards, Jon Oberheide -- Jon Oberheide <jon@...rheide.org> GnuPG Key: 1024D/F47C17FE Fingerprint: B716 DA66 8173 6EDD 28F6 F184 5842 1C89 F47C 17FE Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.