Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 22 Aug 2011 18:49:36 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: John with Radeon graphical card supports?

On Sun, Aug 21, 2011 at 02:05:57AM -0500, Richard Miles wrote:
> > Not enormous, but at most a 2x speedup, which would translate into maybe
> > a few percent of extra passwords cracked.
> 
> I'm far away to be a specialist, but I see people saying that some GPU
> cards may speed up 20 times password cracking in comparison with a
> normal computer CPU. So, if we use 2 GPU cards it will be the double
> (40 times), not?

Almost, but I commented on a different aspect of it.  Namely, I said
that a 2x speedup does not translate into enormous benefits (at least
not under my definition of "enormous") for password cracking.  This is
easy for you to see.  Just run a John the Ripper cracking session for
one hour, one day, whatever one unit of time.  Take note of how many
passwords it cracked.  Then let it run for another unit of time (for 2x
longer total run time).  Take note of how many passwords it cracked
total.  If you run John the Ripper reasonably optimally based on prior
knowledge of typical passwords in general (having it try more likely
passwords first, then less likely ones), you'll notice that it cracks
relatively few passwords during the second half of its running time
under this experiment.  For example, it might be 30% on the first day
and 3% more on the second day.  Thus, by squeezing the two days into one
with twice faster processing you'd increase your percentage cracked on
the first day from 30% to 33%.  This is definitely significant and
desirable, but it is not enormous.

> There is a very great article I wrote sometime ago about this:
> 
> http://erratasec.blogspot.com/2011/06/password-cracking-mining-and-gpus.html

This is a good overview, however the section entitled "The economics of
cracking" is over-simplified - to the point where it is not useful, in
my opinion.  It assumes naive/dumb exhaustive search and fast to compute
hashes, but it does not mention those assumptions explicitly.  Well, it
does say "Lets say you can crack all 8 character passwords within a
day" in one place, yet readers not familiar with the topic will miss
this crucial assumptions and will not know that it is very often wrong.

> > I am not saying we shouldn't support multiple GPUs - we definitely
> > should.  I am merely saying that you're over-estimating the effect.
> > A mere 2x speedup (or even slightly less) does not give "enormous
> > benefits" in terms of actual cracking results.
> 
> I agree with you, maybe I misunderstood the article...

Didn't you just state you "wrote" it? %-)  Nevermind.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.