Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 22 Aug 2011 18:49:36 +0400
From: Solar Designer <>
Subject: Re: John with Radeon graphical card supports?

On Sun, Aug 21, 2011 at 02:05:57AM -0500, Richard Miles wrote:
> > Not enormous, but at most a 2x speedup, which would translate into maybe
> > a few percent of extra passwords cracked.
> I'm far away to be a specialist, but I see people saying that some GPU
> cards may speed up 20 times password cracking in comparison with a
> normal computer CPU. So, if we use 2 GPU cards it will be the double
> (40 times), not?

Almost, but I commented on a different aspect of it.  Namely, I said
that a 2x speedup does not translate into enormous benefits (at least
not under my definition of "enormous") for password cracking.  This is
easy for you to see.  Just run a John the Ripper cracking session for
one hour, one day, whatever one unit of time.  Take note of how many
passwords it cracked.  Then let it run for another unit of time (for 2x
longer total run time).  Take note of how many passwords it cracked
total.  If you run John the Ripper reasonably optimally based on prior
knowledge of typical passwords in general (having it try more likely
passwords first, then less likely ones), you'll notice that it cracks
relatively few passwords during the second half of its running time
under this experiment.  For example, it might be 30% on the first day
and 3% more on the second day.  Thus, by squeezing the two days into one
with twice faster processing you'd increase your percentage cracked on
the first day from 30% to 33%.  This is definitely significant and
desirable, but it is not enormous.

> There is a very great article I wrote sometime ago about this:

This is a good overview, however the section entitled "The economics of
cracking" is over-simplified - to the point where it is not useful, in
my opinion.  It assumes naive/dumb exhaustive search and fast to compute
hashes, but it does not mention those assumptions explicitly.  Well, it
does say "Lets say you can crack all 8 character passwords within a
day" in one place, yet readers not familiar with the topic will miss
this crucial assumptions and will not know that it is very often wrong.

> > I am not saying we shouldn't support multiple GPUs - we definitely
> > should.  I am merely saying that you're over-estimating the effect.
> > A mere 2x speedup (or even slightly less) does not give "enormous
> > benefits" in terms of actual cracking results.
> I agree with you, maybe I misunderstood the article...

Didn't you just state you "wrote" it? %-)  Nevermind.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.