Message-ID: <20091228201451.GA12287@openwall.com>
Date: Mon, 28 Dec 2009 23:14:51 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: JtR 1.7.4 and jumbo patch update

On Sun, Dec 27, 2009 at 08:01:42PM -0500, Charles Weir wrote:
> Here is some benchmark data for running 1.7.3.4 and 1.7.4 on MacOSX
> 10.6.2 Snow Leopard:
> 
> Goal: To evaluate the running time differences between JtR 1.7.3.4 and
> 1.7.4 due to modifications made in 1.7.4 with regard to how word
> mangling rules are implemented.

Yes, thank you!  This is precisely what I wanted - this kind of testing
and benchmarks, especially with non-default rulesets.

> http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1

Thank you for sharing this.  As you're aware, this ruleset might produce
lots of duplicate candidate passwords, especially with length-limited
and/or case-insensitive hashes.  I don't think adding some "-c" flags
and some "<*" and "<-" commands would make it a lot less readable, so
you could want to do that.  Also, if you have ":" (no-op), you need to
use "l Q" instead of just "l", and ditto for "c" and "u".  One thing
that is completely unclear to me is your use of "Ct" instead of just "c" -
why is that?

BTW, with 1.7.4 you can make the ruleset shorter.  For example, the
following lines:

/a lsa@
/e lse3
/l lsl1
/o lso0
/s lss$

may be replaced with:

/[aelos] l s\0\p[@310$]

> Running JtR version 1.7.3.4
[...]
> words: 10495949352  time: 0:01:04:26 100%  w/s: 2714K  current: 9zzzzzzzthi$

> Running JtR version 1.7.4
[...]
> words: 10495945056  time: 0:00:49:48 100%  w/s: 3512K  current: 9zzzzzzzthi$

> JtR 1.7.4 ran noticeably faster than JtR 1.7.3.4, completing its
> session in 76% of the time it took 1.7.3.4 to finish. The one anomaly
> was that the 1.7.4 session outputted that it made 10,495,945,056
> guesses, while the 1.7.3.4 session outputted that it made
> 10,495,949,352 guesses. The difference in guesses may have just been a
> reporting issue, (aka the final count might not be updated), but I'll
> leave it to someone more knowledgeable to answer that question.

No, it's not just a reporting issue.  More like a bug, and I have in
fact just found and fixed a relevant bug.  Can you please repeat the
test of 1.7.4 with the attached patch?

Please make no changes to the ruleset for this test yet.  We need to
make sure the bug is fixed first.

Thanks again,

Alexander

View attachment "john-1.7.4-last-fix.diff" of type "text/plain" (2699 bytes)
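
The rule preprocessor shorthand discussed in the message above, as an added example that is not part of the original post or of John the Ripper's own code: a Python sketch that expands only the subset of the syntax used here (plain character lists in [...], the \0 back-reference, and \p on a range with one preceding range). The names parse and expand are assumptions, and rejecting parallel ranges of unequal length is this sketch's choice.

```python
import itertools

def parse(rule):
    """Tokenize: ('lit', s), ('ref0',) for \\0, ('range', chars, is_parallel)."""
    tokens, i, parallel = [], 0, False
    while i < len(rule):
        c, nxt = rule[i], rule[i + 1:i + 2]
        if c == "\\" and nxt == "0":
            tokens.append(("ref0",)); i += 2
        elif c == "\\" and nxt == "p":
            parallel = True; i += 2              # applies to the range that follows
        elif c == "\\":
            tokens.append(("lit", nxt)); i += 2  # escaped literal character
        elif c == "[":
            end = rule.index("]", i)             # sketch: no escaped ']' or a-z spans
            tokens.append(("range", rule[i + 1:end], parallel))
            parallel, i = False, end + 1
        else:
            tokens.append(("lit", c)); i += 1
    return tokens

def expand(rule):
    """Return the list of concrete rules that one preprocessor line stands for."""
    tokens = parse(rule)
    sizes, slots = [], []  # one counter per independent range; \p ranges share one
    for t in tokens:
        if t[0] != "range":
            continue
        if t[2]:  # \p: step in lock-step with the preceding range
            if not sizes or len(t[1]) != sizes[-1]:
                raise ValueError("parallel range must match the preceding range's length")
        else:
            sizes.append(len(t[1]))
        slots.append(len(sizes) - 1)
    rules = []
    for combo in itertools.product(*(range(n) for n in sizes)):
        parts, last, k = [], "", 0
        for t in tokens:
            if t[0] == "lit":
                parts.append(t[1])
            elif t[0] == "ref0":
                parts.append(last)               # char chosen by the most recent range
            else:
                last = t[1][combo[slots[k]]]
                k += 1
                parts.append(last)
        rules.append("".join(parts))
    return rules

if __name__ == "__main__":
    print("\n".join(expand(r"/[aelos] l s\0\p[@310$]")))
```

Without \p the two ranges would be combined independently, giving 25 rules instead of 5, most of them pairing a letter with the wrong substitute.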
