Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <8286add5-a48d-cd0b-8089-28a8ce4b1565@mailbox.org>
Date: Sun, 25 Nov 2018 17:24:57 +0100
From: Frank Dittrich <frank.dittrich@...lbox.org>
To: john-users@...ts.openwall.com
Subject: Re: Chunk of work specification

Hi all,

I just noticed that I accidentally sent a direct reply (prior to
Alexander's replies) instead of replying to the list, so I'll just send
the same information to the list...


Am 24.11.18 um 10:02 schrieb Vojtěch Večeřa:
I know that JtR has --node parameter but it doesn't seem too
> intuitive nor precise when it comes to the exact sizes of chunks.

The trouble is, even if you had chunks of exactly the same chunk size,
some might be much faster than others, e.g., because some chunks crack
many passwords, while others don't. (For fast hash algorithms, writing
the cracked passwords into the pot file and logging the crack in the log
file will have a measurable performance impact.)

But you don't easily (i.e., without a measurable performance impact, at
least for faster hash algorithms) get chunks of the same size for many
cracking modes.
Even for simple --wordlist mode with --rules, where you could define
chunks of the same size, real work depends on how many of the rules get
rejected (e.g., because the hash algorithm isn't case sensitive), or how
many words from the word list file will get rejected, e.g., because they
don't contain a letter a, e, o, i, l, etc.
(So, a node which gets a large chunk of l337 rules will be much faster
than others, because the amount of actual work is smaller.)

For incremental mode, the chunk sizes will vary depending on password
candidate length and the character count. In general, the chunk sizes
will get larger the longer you run incremental mode.
If you want to use --incremental mode with slow hash algorithms, you
could look into john's Parallel external mode, adjust it accordingly,
and run --incremental combined with a different --external=... mode on
each of your machines.
For faster hashes or a large number of nodes, you'll just waste a lot of
CPU time, because each john instance will generate all the password
candidates, but reject all but 1 out of N candidates in --external mode.
(But you'd definitely get chunks of the same size.)

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.