Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Dec 2010 16:16:03 -0500
From: Jon Oberheide <>
To: Solar Designer <>
Subject: Re: JtR/OpenMP against Gawker passwords


On Wed, 2010-12-15 at 23:52 +0300, Solar Designer wrote:
> Hi,
> Here's a curious blog post by Jon Oberheide:
> People are actually starting to make use of the OpenMP support/patches
> in/for recent versions of John the Ripper.  That's nice.  In this case,
> Jon ran JtR on an 8-core Xeon X5460 machine (two CPU chips) doing over
> 20M c/s at the "many salts" test.  399380 out of 748039 password hashes
> got cracked.

Many of the initial results were from some large wordlists and mangling
rules.  I know others have been using the OpenMP patches on the Gawker
set as well.  I'll try to convince my buddy to provide some JtR OpenMP
benchmarks on his 64-way box.

> Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
> Many salts: 20465K c/s real, 2562K c/s virtual
> Only one salt: 16003K c/s real, 1999K c/s virtual

For reference, the benchmarked machine was a x86_64 Gentoo box with gcc

> Apparently, this was with 1.7.6-omp-des-7.  The slightly older
> 1.7.6-omp-des-4 patch, also available on the wiki, would do slightly
> better at "many salts" (relevant for the run against Gawker hashes), but
> a lot worse at "only one salt" (irrelevant in this case).

Ah, nice, I didn't realize -4 was more effective on many-salts. I could
run the benchmarks with that patch if that would be desirable.

> It's also curious how the Gawker hashes have only 3844 different salts.
> Normally, for this number of hashes all possible salts would be present -
> that is, there would be exactly 4096 different salts.  This suggests a
> poor random number generator, which in turn suggests that of the 3844
> salts some likely correspond to a lot more hashes than some others.  Thus,
> a more efficient attack could be mounted on a large subset of the hashes
> (but a much smaller subset of the salts) by using the "--salts" option.

I found that very curious as well. I haven't dug into the Gawker's
leaked source code to see what they're were actually using for a

> Jon - thank you for performing this analysis and making the blog post!
> This might be the first blogged actual use of the OpenMP patch, so this
> helps to make more people aware of the functionality.

No problem, thanks for posting. I'd be happy to answer any questions
about the experimental setup if anyone's interested.

> What did you mean by this Twitter comment, though - "Bad JtR, why did
> you forget to load up a third of the hashes? Grrrr..."?  Is this some
> kind of usability issue for me to address?

That was my fault not realizing I had resumed an previous run. I suppose
the status text could be more verbose in terms of session resuming, but
that was a human error! :-P

Jon Oberheide

Jon Oberheide <>
GnuPG Key: 1024D/F47C17FE
Fingerprint: B716 DA66 8173 6EDD 28F6  F184 5842 1C89 F47C 17FE

Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.