Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <acb6f02c0912271701o534126f6g9a2ac0669a0bb130@mail.gmail.com>
Date: Sun, 27 Dec 2009 20:01:42 -0500
From: Charles Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Re: JtR 1.7.4 and jumbo patch update

Hey thanks once again for all the hard work Alexander.

Here is some benchmark data for running 1.7.3.4 and 1.7.4 on MacOSX
10.6.2 Snow Leopard:

Goal: To evaluate the running time differences between JtR 1.7.3.4 and
1.7.4 due to modifications made in 1.7.4 with regard to how word
mangling rules are implemented.

Computer Specs:
MacBook
Mac OSX 10.6.2
Processor: 2.2 GHz Intel Core 2 Duo
Memory: 1 GB 667 MhZ DDR2 SDRAM

JtR Builds:
Both versions of JtR, (1.7.3.4 and 1.7.4), were compiled with the
macosx-x86-64 option. No additional patches, (for example the jumbo
patch), were applied to either build since the goal was to benchmark
the default builds of JtR.

Test setup:
Since the default JtR config's wordlist mangling rules produced test
runs too short to be statistically meaningful, (unless an unusually
large input dictionary was used), I ran the test using a custom built
config file designed for much longer cracking sessions. Mostly it just
does a lot of appends/prepends, basic case-mangling, (aka uppercase
the first letter, etc), and letter replacements, (aka replace 'a' with
'@'). A copy of the config file can be obtained from the following
link:

http://sites.google.com/site/reusablesec/Home/john-the-ripper-files/john-the-ripper-sample-configs-1

For the input dictionary I used one of the lowercase English
dictionaries available on the openwall ftp site, (I think it was the
large one). The dictionary contained 444,678 words.

Since the goal of this test is to measure the running time differences
caused by the modifications to JtR's 1.7.4 word mangling code, I chose
to avoid doing any password hashing. If no modifications were made to
the hashing algorithms, it would be expected that the time spent
hashing guesses between the two versions would be essentially the
same, and thus would obscure any performance differences caused by the
modified word mangling code. Aka if I were to attack a strong hash
like several Unix crypt passwords, I would probably spend a majority
of my time hashing the guesses instead of making the guesses.
Following Alexander's lead when it came to evaluating -incremental
mode, I used the -stdout option and copied all of the output into
/dev/null. A link to Alexander's post is below:

http://www.openwall.com/lists/john-users/2005/11/23/1

The exact command I used for both versions of John the Ripper was:

./john -wordlist=../../../custom/dictionaries/english-lower -rules
-stdout > /dev/null

Results: (note, I hit enter several times during the runs to obtain a
status update)
---------------------------------------------------------------
Running JtR version 1.7.3.4
Ryoki:run cweir$ ./john
-wordlist=../../../custom/dictionaries/english-lower -rules -stdout >
/dev/null
words: 6365650  time: 0:00:00:02 0%  w/s: 3182K  current: fuensanta02
words: 539476927  time: 0:00:03:00 4%  w/s: 2997K  current: dreadlok(7
words: 2196468466  time: 0:00:12:37 20%  w/s: 2901K  current: neyra3533
words: 4334289067  time: 0:00:25:07 39%  w/s: 2876K  current: frsim8341
words: 8219141832  time: 0:00:49:00 75%  w/s: 2795K  current: Txfunb5649
words: 10495949352  time: 0:01:04:26 100%  w/s: 2714K  current: 9zzzzzzzthi$

------------------------------------------------------------------
Running JtR version 1.7.4
Ryoki:run cweir$ ./john
-wordlist=../../../custom/dictionaries/english-lower -rules -stdout >
/dev/null
words: 7966634  time: 0:00:00:02 0%  w/s: 3983K  current: vasques05
words: 600500747  time: 0:00:02:37 5%  w/s: 3824K  current: khalequzzaman6!
words: 2149672849  time: 0:00:09:32 19%  w/s: 3758K  current: hely3428
words: 4182387837  time: 0:00:18:37 38%  w/s: 3744K  current: ramlah7999
words: 5552615278  time: 0:00:24:54 50%  w/s: 3716K  current: Deliquation947
words: 8435312065  time: 0:00:38:55 77%  w/s: 3612K  current: Artbooks6136
words: 10495945056  time: 0:00:49:48 100%  w/s: 3512K  current: 9zzzzzzzthi$

--------------------------------------------------------------------

Analysis:
JtR 1.7.4 ran noticeably faster than JtR 1.7.3.4, completing its
session in 76% of the time it took 1.7.3.4 to finish. The one anomaly
was that the 1.7.4 session outputted that it made 10,495,945,056
guesses, while the 1.7.3.4 session outputted that it made
10,495,949,352 guesses. The difference in guesses may have just been a
reporting issue, (aka the final count might not be updated), but I'll
leave it to someone more knowledgeable to answer that question.
Regardless, with this computer setup when making 10 trillion guesses
using wordlist mode, you could reasonably expect to save around 15
minutes of cracking time if you upgrade to version 1.7.3.4.

As always, please let me know if you have any
questions/comments/issues with these results/tests.

Matt Weir
http://www.reusablesec.blogspot.com
weir@...fsu.edu

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.