Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Dec 2010 00:44:51 +0300
From: Solar Designer <>
To: Jon Oberheide <>
Subject: Re: JtR/OpenMP against Gawker passwords


On Wed, Dec 15, 2010 at 04:16:03PM -0500, Jon Oberheide wrote:
> Many of the initial results were from some large wordlists and mangling
> rules.

BTW, you could want to see:

Maybe you did not try the custom .chr file "trick" (a .chr file based on
your already cracked passwords)?

> I know others have been using the OpenMP patches on the Gawker
> set as well.  I'll try to convince my buddy to provide some JtR OpenMP
> benchmarks on his 64-way box.

Please do!  In fact, it'd be great for him to add an entry here:

> > Benchmarking: Traditional DES [128/128 BS SSE2-16]... DONE
> > Many salts: 20465K c/s real, 2562K c/s virtual
> > Only one salt: 16003K c/s real, 1999K c/s virtual
> For reference, the benchmarked machine was a x86_64 Gentoo box with gcc
> 4.5.1.

Thanks!  You could add that info to the wiki page above, too.  I did
benchmark a very similar machine, but it was under some unrelated load
at the time.

> > Apparently, this was with 1.7.6-omp-des-7.  The slightly older
> > 1.7.6-omp-des-4 patch, also available on the wiki, would do slightly
> > better at "many salts" (relevant for the run against Gawker hashes), but
> > a lot worse at "only one salt" (irrelevant in this case).
> Ah, nice, I didn't realize -4 was more effective on many-salts.

I've just added a clarification to the wiki.

> I could run the benchmarks with that patch if that would be desirable.

That's up to you.

> > It's also curious how the Gawker hashes have only 3844 different salts.
> > Normally, for this number of hashes all possible salts would be present -
> > that is, there would be exactly 4096 different salts.  This suggests a
> > poor random number generator, which in turn suggests that of the 3844
> > salts some likely correspond to a lot more hashes than some others.  Thus,
> > a more efficient attack could be mounted on a large subset of the hashes
> > (but a much smaller subset of the salts) by using the "--salts" option.
> I found that very curious as well. I haven't dug into the Gawker's
> leaked source code to see what they're were actually using for a
> PRNG/crypt.

That would be curious to know, but you don't have to.  You can just use
"--salts" (adjust its parameter) to get more passwords cracked sooner.

> > What did you mean by this Twitter comment, though - "Bad JtR, why did
> > you forget to load up a third of the hashes? Grrrr..."?  Is this some
> > kind of usability issue for me to address?
> That was my fault not realizing I had resumed an previous run. I suppose
> the status text could be more verbose in terms of session resuming, but
> that was a human error! :-P

Yeah, "verbose mode" is on my to-do list for JtR.  There are many things
it could warn/remind about.



Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.