Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <32f3effa409f4b4f6090ae617e193ca0@smtp.hushmail.com>
Date: Wed, 10 Apr 2013 21:18:19 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: default_cmp_all

On 10 Apr, 2013, at 20:55 , "jfoug" <jfoug@....net> wrote:

> From: magnum [mailto:john.magnum@...hmail.com] 
>> So the new-style bitmaps fully replace cmp_all()? I thought they only
> replace it under certain conditions. I >suggest we do absolutely nothing
> until Solar comments this.
> 
> I agree with the wait and see.  However, cmp_all is not called in the
> current unstable either (prior to the bitmaps).  Look at the code in
> cracker.c
> 
> There is an outer if statement, on whether the format is salted or not. If
> not salted, then the else route is taken, and within that block of code,
> cmp_all is never called, and only the bin_hashes and cmp_one/cmp_exact is
> used.  I am not fully sold that is the right way, BUT that is how JtR has
> been running forever (for a long time at least).
> 
> Like I said, it was news to me, and surprised me some.  I thought the code
> always something similar to:
> 
> crypt_all();
> if (hash() && cmp_all()) {
>   foreach: if (cmp_one() && cmp_exact())
>     output found pw
> }
> 
> But it is not that way for non-salted.

Are you saying that if I attack 12M MD5 hashes in unstable, we do 1M calls to cmp_one() for each and every crypt_all()? That simply can not be true. I'll have a look!

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.