Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 24 May 2012 14:30:34 -0400 (EDT)
From: "Brad Tilley" <>
Subject: Re: Can Excessive Rounds make Password cracking 

> Hello Brad,
> You have started a good discussion. I believe, by number of rounds you
> mean number of iterations?

Yes, in general, it has been my experience that those terms are used
interchangeably and have the same meaning. glibc's sha512-crypt.c uses the
term 'rounds' and the pam configuration files do as well, but iterations
is often used by OpenBSD devs, etc.

> If so, yes, by increasing the number of iterations in a hashing algorithm,
> the resultant hash becomes stronger. However, the function performed by
> the hashing algorithm in each iteration need not be the same.

I understand this and the other points you make. My question is about the
feasibility of cracking such hashes. In my mind, outside of a simple word
list or two to check for the top 1000 most commonly used passwords or so,
I don't think I would bother attempting to crack these much more than

That's what I was hoping to discuss in this thread. Would others take time
and resources to attempt to crack these sort of hashes beyond the very
basic tests or not?

Thanks again,


> For instance, in the case of MD5-crypt, of the 1000 iterations that take
> place, during each iteration the function performed by the hashing
> algorithm is different based on the iteration counter.
> Blowfish hashes provide you a way to decide the number of iterations as
> well.
> $2a$<logarithm 2 of the number of iterations>$.........
> However, what you state below, the number of iterations look extremely
> high (391939).
> While implementing a cryptographic hashing algorithm, besides its strength
> the computational feasibility also needs to be kept in mind.
> May I ask you, what is the distro of Linux you are using?
> I hope other experienced people on this mailing list would share their
> ideas as well.
> Thanks.
> ________________________________
>  From: Brad Tilley <>
> To:
> Sent: Thursday, May 24, 2012 11:36 PM
> Subject: [john-users] Can Excessive Rounds make Password cracking
> Infeasable
> This is slightly off-topic as it does not specifically relate to John use,
> but I wanted to ask the opinions of others here. When do rounds make
> password cracking infeasible, or do they? For example, the hash below is a
> SHA-512 hash with 391939 rounds applied. You can actually feel the delay
> at logon (about 2 seconds on newer machines):
> test:$6$rounds=391939$UqhsyLSZ$F/K1CGpBf9yefYXCRbY5uK/LW1HzW8EiPCzdq8PMVvZ4JLhb4F464ps87MX/YwYEI0s62KIsnZBuCt45a.A4I0:1002:1002::/home/test:/bin/sh
> The source code of sha512-crypt.c sets this as the maximum number of
> rounds so Linux sys admins could configure this number even higher:
>    /* Maximum number of rounds.  */
>    #define ROUNDS_MAX 999999999
> So long as the passwords are sufficiently complex and users can't select
> simple words such as 'password' for their password, I would think that
> these hashes are close to un-crackable (certainly not in a reasonable time
> period anyway). What do other John users think?
> Thanks,
> Brad

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.