Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <00a901cd3524$7524e760$5f6eb620$@net>
Date: Fri, 18 May 2012 13:31:35 -0500
From: "jfoug" <jfoug@....net>
To: <john-users@...ts.openwall.com>
Subject: RE: Performance Considerations of stdin

>From: Brad Tilley [mailto:brad@...ystems.com]
>
>What, if any, performance considerations are there when passing word
>candidates to JTR via stdin? I plan on doing some tests to see first-
>hand, but before doing so I wanted to ask here in case others have had
>some experience with this.
>
>Basically, I'm wondering if a word generation program that passed words
>into JTR via stdin would perform better than when JTR is doing both word
>mangling and hash generation, hash testing, etc all by itself.
>
>ehco -n word | john --sdtin
>
>Has anyone had experience performance testing something such as this?

Depends upon the OS.  If it is winblows, then the performance is horrible.
I get about 30% or so performance for fast hashes, vs a dictionary read into
memory, with rules run on the dictionary.  Windows has a TINY pipe_buffer.
I have found no way to speed this up (and I have tried).

However, for many other OS's, may likely be a performance boost by using
-stdin mode, IF doing some complex work, since you can do much more complex
things a lot more efficiently in a native language (like C, or even perl),
much faster than john's rules.  

I have done this for things like a super elite builder, which can do all
sorts of permutations, such as full permutation of letter case, case, full
permutation of all elite possibilities (such as mississippi -> m1ssissippi,
miss1ssippi, m1ss1ssippi, ... m!ssiss1pp|, etc).  Doing this in john, with
rules, or other extern stuff 'could' be done, but that is beyond my
capabilities, and I think you would either have to write a lot of rules that
either reject a lot of input words, looking for specific patterns, or the
rules would generate a lot of dupes.

I also did this, for a much more heavily complex time/date generator, that
did an all in one type run, and could handle much more than the external
date_time code in john.conf.

I would love to hear any speed comparisons between 

john -rules:xxx -memory=9999999 -w=input.dat candidates.in
and 
word_gen input.dat | john --stdin candidates.in

where the --rules:xxx (or externs, etc) and word_gen were 'comparable', when
run on other OS's.

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.