Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <BLU0-SMTP1161F5C1CA3F830E6ED062DFDD70@phx.gbl>
Date: Fri, 13 Jul 2012 22:51:46 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: More features for MJohn

Aleksey,

I think we still need something to keep all
clients busy doing something useful, may be a way to configure a client
to automatically fetch new attack descriptions and run them.

Letting the clients instead of the server initiate the connection will
help in a contest environment, where many users may be behind a NAT router.

This minimal functionality is a first step. An enhanced version should
take into account number of CPUs/GPUs, amount of main memory, free disk
space, to descide which kind of formats to attack, how many attacks to
run in parallel, and so on.

E.g., for a CPU with 4 cores and hyperthreading, useful options would be:
-just 1 session at a time with OMP_NUM_THREADS=4, for highly optimized
formats that scale well.
-just 1 session at a time with (default for such a machine)
OMP_NUM_THREADS=8, for formats that support OMP, but are not optimized
-4 different sessions for formats that are optimized, but don't scale
well with OMP or lack OMP support (in this case, a john build without
OMP support should be used).
-just 1 session, but split across 4 cores (requires --fork= / --nodes=
to be supported)

There is no need to implement everything at once.
Start with just fetching a task from the server that has not been
started, mark it as started on the server.


To define priorities for the tasks (which tasks to run/transfer to a
(/which) client in what sequence), we either need some voting system, or
we need to set priority based on success of previous attacks defined by
the same user.
Measuring/comparing the success might be tricky, because usually success
changes over time.
When you start, it is easy to crack passwords, then it gets harder until
you identify a new pattern, and so on.

The voting can also be mimicked by an assessment at the begin of the
pen test / contest (which formats will be the easiest to attack first /
which formats will likely give most points).


Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.