Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 8 Apr 2021 15:39:38 -0700
From: David Sontheimer <david.sontheimer@...il.com>
To: john-users@...ts.openwall.com
Subject: Cracking stats: p/s, c/s and C/s. Hashing cost factors.

Hi - I'm using JtR to test password generation heuristics. I'm looking
for some detail into the stats printed to std_err from each fork after
a completed run, and some insight into the parameters JtR uses when
generating certain hashes for the 'test' function.

I'd like to compare apples-to-apples cracking times for heuristics
commonly seen in user-password generation (popularized by XKCD). I'm
grabbing the std_err output from each fork and generating summary
stats for a single cracking run. Time and guesses/sec are easy to
interpret. Unfortunately I'm a little confused with p/s, c/s and C/s.
I dug up:

p/s: passwords-tested/sec
c/s: crypts-computed/sec
C/s: crypts-tested/sec

(https://www.tunnelsup.com/getting-started-cracking-password-hashes)

My numbers don't match up though. Either I have my C/s and c/s mixed
up, or I'm misinterpreting 'computed' and 'tested.'

> Pwds cracked/sec: 5.821402e+10
> Crypts tested/sec: 1.489019e+09
> Crypts computed/sec: 9.232799e+10
> C/c: 62.0059186618841
> c/p: 0.025578357680475557
> p/c: 39.09555150068602
> C/p: 1.5860095658401459

Shouldn't JtR compute more hashes than it tests - not the other way
around? And what's the significance of computing and/or testing hashes
that JtR doesn't test as passwords?

---

I'm also attempting to reproduce password hashes via Python's passlib
library - with the same specs as JtR's test function. Ideally, I
should see a similar relative c/s generation between algorithms. Are
these values correct for the following parameters?

Bcrypt: 32 iterations.
Sha-256: 5000 iterations.
Sha-1: Rounds of both 64k and 40k... So c/s results in an average of
generating each?
Argon2: time/rounds = 1, memory_cost = 2, parallelism = 3... what's
the final cost (value of 4 in the example below)?

> Benchmarking: argon2 [Blake2 AVX]... (72xOMP) DONE
> Speed for cost 1 (t) of 3, cost 2 (m) of 4096, cost 3 (p) of 1, cost 4 (type [0:Argon2d 1:Argon2i]) of 0 and 1
> Raw: 3291 c/s real, 46.8 c/s virtual


Any insight would be much appreciated. Cheers.
-David

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.