Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 25 Nov 2014 07:23:30 -0900
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: ad-hoc work sharing, or proof of keyspace/mask exhaustion

Is there any practical way for JtR to provide evidence that a given
keyspace has been exhausted for a given hash and mask -- such that
someone else could verify it or skip it?

I assume that projects like distributed.net have already solved this,
but I'm thinking of something that would support ad-hoc sharing
without a full framework iike BOINC or distributed.net.

A "lightweight" mode -- for local use, or for small Crack Me If You
Can teams -- a simple "work block" could be a simplified description
of the work (mask, attempted hashes, results).  This could be
platform-independent (a standard?) for sharing across cracking
platforms (JtR, hashcat, InsiderPro).  Optionally, work blocks could
be signed with a private key and other team members could be trusted.

For speed during competition, work could be skipped quickly --
skipping specific masks, and dropping already-cracked hashes.  Could
set operations could be performed on masks while running?

A "heavyweight" mode would be for true Byzantine-Generals-style
verification.  For example, naively and expensively, could you hash or
sign the whole thing -- attempted passwords, resulting hashes, mask,
and the target hashes?  I assume that it would also have to include
the algorithm of candidate password generation.  This would likely be
a huge drag on performance, but could be useful for academic work,
etc.

A pie-in-the-sky idea this morning. :-)

Royce

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.