Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 4 May 2017 19:32:43 +0200
From: Patrick Proniewski <p+password@...atpro.net>
To: john-users@...ts.openwall.com
Subject: Re: How long to recover RAR3 SHA-1 AES [32/64] hash pwd

Hi,

On 04 mai 2017, at 18:25, magnum wrote:

> On 2017-05-02 01:02, Nick Wilsdon wrote:
>> I'm trying to recover a password to an old .rar file - RAR3 SHA-1 AES
>> [32/64]
>> It's possibly up to 10 characters, lower-case alpha-numeric. I've been
>> trying incremental mode, as my wordlists and guesses haven't worked (7 days
>> so far)
>> Looking at tools like - http://calc.opensecurityresearch.com/ - that seems
>> to indicate this approach can potentially take 2.4m years. Can anyone
>> confirm, before I build Deep Thought and pass on instructions to future
>> generations?*
> 
> That would be correct if you run it on a single, slow, CPU core (about 50 c/s). Newer high-end ones should do twice of that or more. Using a GPU or better yet several of them would speed it up substantially but even a 1000x boost wont help from 2.4 million years of course.


I'm not sure about the 1000x boost. I've just tried a bench and got those results:

$ OMP_NUM_THREADS=1 ./john --test --format=rar
Warning: OpenMP is disabled; a non-OpenMP build may be faster
Benchmarking: rar, RAR3 (4 characters) [SHA1 256/256 AVX2 8x AES]... DONE
Raw:	117 c/s real, 117 c/s virtual

$ ./john --test --format=rar
Will run 32 OpenMP threads
Benchmarking: rar, RAR3 (4 characters) [SHA1 256/256 AVX2 8x AES]... (32xOMP) DONE
Raw:	1450 c/s real, 45.8 c/s virtual

$ ./john --test --format=rar-opencl
Will run 32 OpenMP threads
Device 1: GeForce GTX 1080
Benchmarking: rar-opencl, RAR3 (length 5) [SHA1 OpenCL AES]... (32xOMP) DONE
Raw:	26771 c/s real, 22755 c/s virtual

$ ./john --test --format=rar-opencl --mask
Will run 32 OpenMP threads
Device 1: GeForce GTX 1080
Benchmarking: rar-opencl, RAR3 (length 5) [SHA1 OpenCL AES]... (32xOMP) DONE, GPU util:100%
Raw:	31507 c/s real, 28444 c/s virtual


So I got about 270x boost on GPU, compared to CPU without OMP, and only ~22x boost compared to full OMP. OK, it's a dual Xeon E5-2620 v4 (8 cores each). And to be fair, the GPU was used by an hashcat session that I've paused before launching the bench. I'm not sure if it can degrade the performances here.

~31000 c/s means you can test everything between 1 and 5 random [a-z0-9] in less than an hour, 6 random [a-z0-9] in less than 20 hours. It'll cost you a month to test every 7 characters long candidates, about 3 years for 8 char. Everything longer is out of reach.

patpro

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.