Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 25 Mar 2019 19:48:14 +0100
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: Question about GPU attack modes

On Tue, Jan 08, 2019 at 08:26:17PM +0100, Lukas Odzioba wrote:
> wt., 8 sty 2019 o 14:37 Matt Weir <cweir@...edu> napisa??(a):
> > I apologize since I haven't used JtR much with GPU support, but what
> > current attack modes are available using the GPU? Aka is Markov,
> > Incremental, wordlist, etc, supported?
> 
> Technically all because we can generate candidates on a cpu and send
> them to the gpu to calculate.
> It is ok for slow formats but things like raw-* suffer from PCIe
> performance bottleneck..

Lukas is correct.

> We had some improvements to the mask mode to generate candidates on a
> gpu, but I am not sure about its current state.

We have on-device mask mode support for (almost?) all fast hash types
for which we have OpenCL support at all.  Further, such on-device mask
support can be used along with a host-provided stream of partial
candidate passwords to form a variety of hybrid modes.  For example,
these are all valid:

Test 7-character any printable ASCII strings, with a reasonable number
of the mask positions being processed on device (JtR decides host to
optimally split the mask between host and device):

--mask='?a?a?a?a?a?a?a'

Ditto:

--mask='?a' --min-length=7 --max-length=7

Ditto, but for range of lengths 1 to 8:

--mask='?a' --min-length=1 --max-length=8

Can also use length ranges with more complex masks, where the last mask
component would be the one extended to higher lengths:

--mask='start?l?d' --min-length=7 --max-length=14

Use the host's incremental mode to test strings of digits in a smart
order, then append 3 more digits in a dumber order on device, no
specific length (so let incremental mode switch lengths back and forth
like it usually does):

--incremental=digits --mask='?w?d?d?d'

Ditto, but limit this to (total) length of 8 (adjusts incremental mode
to only produces length 5 for its portion):

--incremental=digits --mask='?w?d?d?d' --min-length=8 --max-length=8

Have the host generate all-lowercase substrings in a smart order, then
prepend an uppercase letter and append 3 digits, at least some of this
on device:

--incremental=lower --mask='?u?w?d?d?d'

Read a wordlist on host, apply wordlist rules on host, then append 3
digits on device:

-w=word.lst --rules=jumbo --mask='?w?d?d?d'

Duplicate words, then append 3 digits on device:

-w=word.lst --mask='?w?w?d?d?d'

Another way to write that:

-w=word.lst --rules=':d' --mask='?w?d?d?d'

Test strings consisting of uppercase words, 4 digits (processed on
device), then lowercase versions of the same words:

-w=word.lst --mask='?W?d?d?d?d?w'

And so on.  Many of these option names may be abbreviated.

I've just tested all of these combinations of options against
raw-md5-opencl and made sure the reported speeds correspond to on-device
mask being in use.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.