Message-ID: <20120402160140.GA11818@openwall.com>
Date: Mon, 2 Apr 2012 20:01:40 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: distributed processing with untrusted machines

On Mon, Apr 02, 2012 at 05:35:32PM +0200, Simon Marechal wrote:
> On 02/04/2012 17:04, Solar Designer wrote:
> > While I had these thoughts for years, I think that actually implementing
> > this is still in a distant future for us (if we get there at all).  We
> > need to gain built-in distributed processing first (non-MPI), and only
> > then worry about enhancing it.
> 
> I am not sure the cost of implementing and using the countermeasures
> will ever be worth it.

I think that these things make sense for use by companies on their own
password hashes, and by auditing/pentesting companies.

As to whether this is worth it or not, this may be viewed as being part
of a bigger question - are such audits worth it at all?  I think that
many are not (e.g., it may be better to re-configure systems than to
detect weak passwords on poorly configured systems), but the demand is
there anyway.

> You mentioned some of the problems, but there
> are probably whole other classes of them. For example, some attacks are
> well suited to challenges, such as the fake worker

Of course, for contests we also need to deal with sabotage (but we may
not need to worry about leaks of the hashes).

> (it just sleep()s).

Such problems may also happen unintentionally, so they need to be
detected and dealt with anyway.

> The cracking job configuration could be private: mangling rules,
> dictionary, training results for statistical password cracking.

Yes, but I think this will be beyond scope.  Either the nodes are
semi-trusted or this kind of information is considered non-sensitive -
well, or the risk of such leaks is considered justified.

> Worse,
> adding more code to interact with untrusted parties will lead to more bugs.

Maybe, but since it should involve sanitization of inputs early on, it
may also neutralize bugs in deeper layers.

Alexander
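The two countermeasures the reply touches on, known-answer challenges to catch a fake worker that just sleep()s or fabricates results, and early sanitization of whatever an untrusted node sends back, can be sketched coordinator-side in a few dozen lines. The following is an added example written for this page; it is not code from John the Ripper or from anyone in this thread. The class and function names (Coordinator, WorkUnit, Verdict, the three worker behaviours), the wordlist and the target hashes are all constructed for the illustration, and raw MD5 stands in for whatever hash format a real job would use.

```python
import hashlib
import random
from dataclasses import dataclass, field


def md5_hex(pw):
    """Hash used by the constructed sample; a real job would use its own format."""
    return hashlib.md5(pw.encode("utf-8")).hexdigest()


@dataclass
class WorkUnit:
    unit_id: int
    hashes: list        # what the worker sees: real targets + challenges, shuffled
    challenges: dict    # challenge hash -> known plaintext, kept coordinator-side only
    wordlist: list


@dataclass
class Verdict:
    accepted: dict = field(default_factory=dict)   # hash -> verified plaintext
    rejected: list = field(default_factory=list)   # (hash, claim) pairs that failed
    missed_challenges: int = 0


class Coordinator:
    """Hypothetical coordinator: hands out units and verifies what comes back."""

    def __init__(self, target_hashes, wordlist, seed=0):
        self.targets = set(target_hashes)
        self.wordlist = list(wordlist)
        self.rng = random.Random(seed)
        self.pot = {}          # cracked target hash -> plaintext
        self.suspicion = {}    # worker name -> number of units that failed a check

    def make_unit(self, unit_id, n_challenges=2):
        # Challenge plaintexts are drawn from the same wordlist the worker gets, so an
        # honest worker always finds them and a fake one cannot tell them from targets.
        words = self.rng.sample(self.wordlist, n_challenges)
        challenges = {md5_hex(w): w for w in words}
        hashes = sorted(self.targets | set(challenges))
        self.rng.shuffle(hashes)
        return WorkUnit(unit_id, hashes, challenges, self.wordlist)

    def check_result(self, worker, unit, claimed):
        """Sanitize a worker's result (dict hash -> plaintext) before anything uses it."""
        v = Verdict()
        if not isinstance(claimed, dict):
            claimed = {}
        sent = set(unit.hashes)
        for h, pw in claimed.items():
            # Reject anything we never sent, anything that is not a string, and any
            # claimed plaintext that does not actually hash to the value it is claimed for.
            if h not in sent or not isinstance(pw, str) or md5_hex(pw) != h:
                v.rejected.append((h, pw))
                continue
            v.accepted[h] = pw
        # A sleeping or fabricating worker misses challenges it could not have known.
        v.missed_challenges = sum(1 for h in unit.challenges if h not in v.accepted)
        if v.missed_challenges or v.rejected:
            self.suspicion[worker] = self.suspicion.get(worker, 0) + 1
        for h, pw in v.accepted.items():
            if h in self.targets:
                self.pot[h] = pw
        return v


# Three constructed worker behaviours.
def honest_worker(unit):
    table = {md5_hex(w): w for w in unit.wordlist}
    return {h: table[h] for h in unit.hashes if h in table}

def sleeping_worker(unit):
    return {}                                       # "works" by doing nothing

def lying_worker(unit):
    return {h: "password" for h in unit.hashes}    # claims a crack for everything


# Constructed sample data: two targets are in the wordlist, one is not.
WORDLIST = ["letmein", "dragon", "qwerty", "hunter2", "monkey", "123456", "password"]
TARGETS = [md5_hex("hunter2"), md5_hex("dragon"), md5_hex("correct horse")]


def run_demo():
    coord = Coordinator(TARGETS, WORDLIST)
    verdicts = {}
    for name, fn in [("honest", honest_worker), ("sleeper", sleeping_worker), ("liar", lying_worker)]:
        unit = coord.make_unit(len(verdicts) + 1)
        verdicts[name] = coord.check_result(name, unit, fn(unit))
    return coord, verdicts


if __name__ == "__main__":
    coord, verdicts = run_demo()
    for name, v in verdicts.items():
        print(name, "accepted", len(v.accepted), "rejected", len(v.rejected),
              "missed challenges", v.missed_challenges)
    print("suspicious workers:", coord.suspicion)
    print("pot:", coord.pot)
```

The point of verifying each claimed plaintext by recomputation is that it costs the coordinator one hash per claim, not one per candidate, so the sanitization stays cheap even when the work itself is expensive; the challenges cost nothing beyond a few extra hashes per unit and are what distinguish "found nothing" from "did nothing". Neither check protects the private job configuration (rules, wordlist, statistics) that the quoted message mentions, which is the part the reply puts out of scope.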
