Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20130805080649.GA5084@openwall.com>
Date: Mon, 5 Aug 2013 12:06:49 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

Hi Katja,

On Sun, Aug 04, 2013 at 10:07:11PM +0200, Katja Malvoni wrote:
> On Thu, Aug 1, 2013 at 9:25 PM, Katja Malvoni <kmalvoni@...il.com> wrote:
> 
> > I generated 1000 passwords hashes and tested it with 2500 different
> > candidate passwords - it cracked 999 and it should have cracked all of them
> > (when I ran it again it cracked that 1 remaining hash).
> 
> I wasn't able to repeat this. I tested it with same 1000 hashes, it cracked
> all of them. Than I tried again with new 1000 hashes and 3000 passwords
> (actually random generated strings), cracked all. And with password.lst and
> pw.-fake-unix, cracked 3059 as it was supposed to. Speed was 1205 c/s.
> Should I try something else?

I think that at this time we should clean up your code and get it merged
into the main core or jumbo tree.  Can you make whatever cleanups you
think need to be done?  Then I'll take another look and either identify
further cleanups for you to make or maybe I will make those myself.

And yes, I took a look at your currently committed code and did notice
that you've corrected the indentation in the .S file.  Thank you!

As to the reliability issue, maybe you should implement a test program
which will use the same Epiphany code and similar host code, but where
each and every bcrypt computation will have its result checked for
correctness - then run that for a while.  In fact, even calling
fmt_self_test() in a loop might do the trick, but you need to build with
-DDEBUG or remove this piece from formats.c:

/*
 * Test each format just once unless we're debugging.
 */
#ifndef DEBUG
	if (format->private.initialized == 2)
		return NULL;
#endif

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.