Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120324022857.GC5923@openwall.com>
Date: Sat, 24 Mar 2012 06:28:57 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Research ideas.

Lukas,

On Fri, Mar 23, 2012 at 12:33:09AM +0100, Lukas Odzioba wrote:
> I've asked on the University, they accepted this idea. This summer I
> would like to focus on performance for existing formats and adding 2-3
> new formats (suggestions are welcomed).

OK, please feel free to apply for that under GSoC - or would you rather
work on it outside of GSoC?

As it relates to performance optimizations, what criteria do we use to
determine success/failure?

As to new formats to have GPU code for:

- WPA-PSK.  You already have PBKDF2 with SHA-1 for MSCash2 - you just
need to build a format on top of that for WPA-PSK.  Also, support it in
both CUDA and OpenCL.  And optimize it.

- Mac OS X FileVault and keychains.  I think these may build upon the
same PBKDF2 with SHA-1 code.

- Mac OS X password hashes.  Someone posted a "Quick Comment" on the
Openwall website stating that 10.8 (Mountain Lion) uses PBKDF2 with
SHA-512.  If so, you'll need to implement that on GPU (OpenCL and CUDA)
and wrap it in a JtR format.  Also, since SHA-512 is a bit slow compared
to other hashes, it makes sense to implement support for 10.7's salted
SHA-512 hashes (even though they're not iterated and thus fast).
Currently we're getting speeds of around 10M c/s on multi-core CPUs
with OpenMP using OpenSSL's SHA-512 code, so a GPU implementation can
provide some speedup (e.g., bring this up to 50M c/s) even with the
current formats interface (and more once the formats interface is
adjusted for fast hashes).  Finally, the pre-10.7 salted SHA-1 hashes
could also be supported on GPU, although these are obviously fast.

- Last year you were considering but never approached the DES stuff.
You can pick DES-based crypt(3) (it's in-between slow and fast), the
BSDI flavor (normally slow), other DES-based stuff (Oracle hashes, etc. -
although most of these are fast and thus will depend on my planned
changes to the formats interface, so might not be done in time).

For WPA-PSK, FileVault, keychains, and 10.8 password hashes, we'll need
CPU-only implementations as well.  You might work with someone else on
our team to implement these formats, or do it on your own if no one else
is available, capable, and willing to work on these at the right time.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.