Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 22 Jan 2009 02:51:01 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: keyspace, mask password and dumb bruteforce

On Wed, Jan 21, 2009 at 04:45:17PM -0600, Billy Newsom wrote:
> You know, if I might butt in here... I haven't looked at 
> http://distributed.net/ in a long time, but for the last 10 years at least 
> they have had clients, and open source clients, which are made to 
> distribute blocks of hashes to be cracked with a number of different 
> algorithms.

It's not "blocks of hashes" that they distribute, but it does not matter
in this context anyway.

> In other words, it is already a distributed form of John, 

No, it is not.  The way they distribute the workload is inappropriate
for almost all uses of John.  Also, the security threats are different.

> Why don't you see if the licenses of the codes would allow you to sort of 
> meld the d.net client/server platforms with the complexity of John.

This doesn't make sense for almost all uses of John.

The exception is when you're willing to throw a lot of computing
resources at cracking one publicly known hash, and you cannot or don't
care to optimize the order in which candidate passwords are tried.

> In effect, the interface of John is terrible but powerful, while the 
> distributed clients are easy but pretty dumb. I think you need easy and 
> dumb and distributed... Now just hack their stuff to do the cracking you 
> need to do, right? Probably over-simplifying, but that's my 2 cents.

I'm not sure what you're referring to here.  The user interface?  If so,
it has little to do with how the workload is distributed.

> I would much rather work with something already into networking and hash 
> passing and key distribution instead of hacking into jTr. Look, there's a 
> wheel!

That's up to you. :-)

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.