Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20150601102648.GA29587@openwall.com>
Date: Mon, 1 Jun 2015 13:26:48 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Interleaving of intrinsics

On Mon, Jun 01, 2015 at 01:52:58PM +0800, Lei Zhang wrote:
> > On May 30, 2015, at 10:55 AM, Solar Designer <solar@...nwall.com> wrote:
> > Lei wrote:
> >> Somehow I couldn't get useful info from a forked run of pbkdf2-hmac-sha256/512. I used the same settings as I benchmarked raw-md4(5), but only got output like:
> >> Will run 4 OpenMP threads per process (240 total across 60 processes)
> >> Node numbers 1-60 of 60 (fork)
> >> Session stopped (max run-time reached)
> >> 
> >> I tried increasing  --max-run , but to no avail. Something wrong here?
> > 
> > I suspect max_keys_per_crypt might be too high.  You'd want to find out
> > what it was by examining the log file.  It shouldn't actually be high
> > for a slow hash like this, but maybe it is (and needs to be lowered).
> 
> It's 15360. This doesn't look insanely high to me.

How do you determine if it's insanely high or not?  For some hash types
and cost settings (encoded with the hash), anything higher than 1 is
unreasonable.  For others, 1000000 may be sane.  It really varies a lot.

In this case, it's 15360 per MIC core, and the hash type is potentially
slow - depends on cost setting of a particular hash.  If the hash uses,
say, 10000 iterations, you're computing 300+ million of SHA-256's per
crypt_all() code.  (It's two invocations of the underlying primitive per
one HMAC.)  Since individual MIC cores are quite slow, this certainly
can be taking multiple seconds.  With self-test, it's multiple
crypt_all() calls (most of them with count < max_keys_per_crypt, though)
until the program does anything useful.

> > Also, you never mentioned your full command line.  There might be
> > something specific to the cracking mode you invoked and its settings.
> 
> I used the exact same settings as I benchmarked raw-md4, i.e.:
> $ run/john --format=pbkdf2-hmac-sha256 --mask=?l?l?l?l?l?l?l?l --fork=60 --max-run=30 hash.sha256

And what exactly is in hash.sha256?

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.