Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Aug 2012 21:22:26 +0400
From: Solar Designer <>
Subject: JtR vs. hashcat on /r/crypto (was: passwords cracked vs. time)

On Tue, Aug 28, 2012 at 08:48:10AM +0200, Simon Marechal wrote:
> Also there is this right now :

Thanks.  atom and I have commented on that thread - discussing this
topic directly and in a public forum for the first time.  (Previous
occasions were extremely brief, even compared to these comments.)  There
is some useful info in there, such as:

1. The password length used for the posted oclHashcat-plus benchmarks is
always 8.  We may take this into consideration during our own
development and benchmarks (such as to see if we have reached hashcat's
speed on a certain hash type on a certain GPU type or not yet).

2. It turns out (was news to me) that hashcat added SunMD5 support
recently (on CPU).  According to atom, it does not use SIMD, yet is
faster than ours with SIMD (JimF's unreleased code in magnum-jumbo).
I've asked atom for specific speed numbers, but we might want to do our
own benchmarks as well (Jim?), if we don't mind running the
closed-source hashcat for that. ;-)

3. Merely curious: we (team john-users) had the question whether JtR was
used by team hashcat in this year's contest or not (among other tools).
Turns out that it was used after KoreLogic's tweeted hint about password
length 21 (this is from a comment by r4d1x), as well as briefly by atom
(not giving any new cracks in that case, so I think not worth a mention
in the writeup for that).

(I guess the use for long passwords did result in some extra cracks.
I think both teams' tools can use some improvement in this area, though.)


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.