Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b78c8ad1c04997a919560cca32c81bc4@smtp.hushmail.com>
Date: Fri, 22 Nov 2013 20:12:29 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Questions and suggestions to build a home cracking
 box. :)

On 2013-11-22 15:17, Richard Miles wrote:
> On Wed, Nov 20, 2013 at 1:52 PM, magnum <john.magnum@...hmail.com> wrote:
>> Exactly. That is the worst possible bug you can encounter. Even worse
>> if you never become aware of it but like I said our self-tests are
>> likely to catch it in time.
>
> Yeah, very severe bug. What do you mean by self-tests? Just run the
> benchmark? Or create a copy of password hashes that I know the plain-text
> passwords and always test with them before and after upgrade / downgrade a
> driver?

No, it's built-in selftests that take place EVERY time you start a crack 
session without you even having to know about it. If something is wrong, 
JtR will bug out and tell you.

You don't even have to start a real crack session. Just run "./john 
--test --format=wpapsk-opencl" and that format will self-test as well as 
benchmark and output a speed figure.

Naturally, there is no such thing as a 100% self-test though. I found a 
bug yesterday that only happened in one specific format at one specific 
length of salt - which happened not to be included among the built-in 
test vectors so it went unseen for 23 days (until I ran our more 
thorough Test Suite scripts on it).

>> Me and Claudio are currently "wasting time" with shared OpenCL code that
>> isn't very noticable for end users. In the long run it's supposed to
>> result in less work so we can just write more formats...
>
> Interesting. Is it related with the issues that we have today with GPU and
> fast hashes?

Not really. Recently we've been trying to reduce duplicated code in 
favor of shared code, and improve the auto-tune stuff - the latter is 
supposed to automagically adjust all parameters (ie. optimize for speed) 
to the very card you've got, at run-time, with no user intervention and 
ideally in no time. We've also struggled with speeding up said 
self-tests and other things so you don't have to wait minutes for a 
session to actually start doing net work.

> So this GPU cards are so fast that they are able to computate hashes before
> a CPU is able to choose one?

We're talking several billions of password candidates per second. Just 
do the math...

> The same problem should happen with wordlist attacks, right? Or maybe with
> wordlists and fast hashes it's still worst! I mean, HD should be very slow
> and create a bttleneck, right? Even with --rules? The --rules pre-processor
> works with CPU or GPU?

Even Hashcat can't saturate a GPU with just a wordlist. It has to be 
wordlist + rules (or mask), where the latter are applied on GPU. So you 
shove a bunch of words over the bus, then apply millions of rules or 
masks to it (totally hiding that bus transfer) and then go on to next 
bunch of words.

> How to identify if a GPU emits air inside the case and the good ones? I
> should always choose a reference designer? But how to discover what is a
> reference designer without ask you guys? :)

A good design has outlets in the back plate (where the video connectors 
are) and all hot air go out that way. The fan draws air from the case 
into the GPU case and it's pushed to the outside. Like this one:
http://tpucdn.com/reviews/AMD/HD_7970_GHz_Edition/images/pressshot.jpg

Here's a Kids'R'us design for comparison:
http://media.bestofmicro.com/F/C/377688/original/Arctic-Accelero-Xtreme-7970.jpg

Note how the latter has the cooling fins in the optimally wrong 
direction and the GPU shroud is open. So the fans will draw air "into" 
the GPU and then it will go out again still inside the computer case, 
soon passing the same fan AGAIN and get even hotter. There may be 
cosmetical slots in the back plate but there's no incentive for any air 
to actually go through them in any direction.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.