Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120828172226.GA5743@openwall.com>
Date: Tue, 28 Aug 2012 21:22:26 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: JtR vs. hashcat on /r/crypto (was: passwords cracked vs. time)

On Tue, Aug 28, 2012 at 08:48:10AM +0200, Simon Marechal wrote:
> Also there is this right now :
> 
> http://www.reddit.com/r/crypto/comments/yuqyi/john_the_ripper_vs_oclhashcatlite/

Thanks.  atom and I have commented on that thread - discussing this
topic directly and in a public forum for the first time.  (Previous
occasions were extremely brief, even compared to these comments.)  There
is some useful info in there, such as:

1. The password length used for the posted oclHashcat-plus benchmarks is
always 8.  We may take this into consideration during our own
development and benchmarks (such as to see if we have reached hashcat's
speed on a certain hash type on a certain GPU type or not yet).

2. It turns out (was news to me) that hashcat added SunMD5 support
recently (on CPU).  According to atom, it does not use SIMD, yet is
faster than ours with SIMD (JimF's unreleased code in magnum-jumbo).
I've asked atom for specific speed numbers, but we might want to do our
own benchmarks as well (Jim?), if we don't mind running the
closed-source hashcat for that. ;-)

3. Merely curious: we (team john-users) had the question whether JtR was
used by team hashcat in this year's contest or not (among other tools).
Turns out that it was used after KoreLogic's tweeted hint about password
length 21 (this is from a comment by r4d1x), as well as briefly by atom
(not giving any new cracks in that case, so I think not worth a mention
in the writeup for that).

(I guess the use for long passwords did result in some extra cracks.
I think both teams' tools can use some improvement in this area, though.)

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.