Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 14 Jun 2019 22:16:40 +0200
From: Solar Designer <>
Subject: Re: ZTEX: timeouts and optimizing?

Hi Vincent,

On Wed, May 22, 2019 at 01:09:43PM +0200, Vincent wrote:
> Solar Designer wrote:
> <SNAP>
> >> - What's a good way to determine the maximum speed of individual boards?
> >> - If clocked too high, will a board just hang of will guesses be wrong?
> >
> >We're testing with many same-salt hashes, where many (or even all) of
> >the attempted candidate passwords are expected to crack some hash.  Then
> >we make sure that everything actually does get cracked.  Sometimes too
> >high a frequency primarily results in timeouts.  Sometimes a moderately
> >too high frequency may first result in a small percentage of missed
> >cracks, but no timeouts.  Sometimes it's a mix of both.  You can see
> >such examples in some postings by me and by Royce.
> Is it possible to get access to the same-salt hashes (plus corresponding
> passwords) for further testing, for all *-ztex algorithms? Thanks!

I've just added "Many same-salt hashes intended for testing of -ztex
formats", which links to pw-ztex.tar.gz, to the list at:

This includes test hash files for all 5 of the bitstreams, utilizing the
maximum numbers of hashes per salt that we can have in on-device
comparators (512 for most, 2047 for descrypt).

There's also pw-bcrypt-29k, which contains 29300 of same-salt bcrypt
cost 10 hashes mimicking what was seen in a recent contest.  This is to
test bcrypt-ztex's ability to transfer computed hashes to host when the
loaded hashes don't fit in on-device comparators.  To test with these
hashes, you'll need to adjust TargetSetting in john.conf accordingly
(set it to 10 for best performance and no timeouts).

I didn't generate/include similar files for phpass and Drupal7, which is
slightly trickier to do.  But since it's the same bitstreams as md5crypt
and sha512crypt, respectively, it's likely that stability at a given
clock rate will be similar to those.

The commands I used to generate these files are:

perl -e 'for ($i = 1000; $i < 3147; $i++) { print crypt("pas$i", "sa"), "\n"; }' > pw-descrypt
perl -e 'for ($i = 100; $i < 612; $i++) { print crypt("pass$i", "\$1\$saltsalt"), "\n"; }' > pw-md5crypt
perl -e 'for ($i = 100; $i < 612; $i++) { print crypt("pass$i", "\$2b\$05\$saltsaltsaltsaltsaltsO"), "\n"; }' > pw-bcrypt
perl -e 'for ($i = 100; $i < 612; $i++) { print crypt("pass$i", "\$5\$saltsalt"), "\n"; }' > pw-sha256crypt
perl -e 'for ($i = 100; $i < 612; $i++) { print crypt("pass$i", "\$6\$saltsalt"), "\n"; }' > pw-sha512crypt

perl -e 'for ($i = 10000; $i < 39300; $i++) { print crypt("pa$i", "\$2y\$10\$2xH1dden1nPl41n51ght1u"), "\n"; }' > pw-bcrypt-29k

This tells you which candidate password streams to test against them -
e.g., you can use --mask='pas?a?a?a?a' or --mask='pas?a?d?d?d' or
wordlists with such content.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.