Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 5 Apr 2011 04:06:17 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Using DES_bs

On Mon, Apr 04, 2011 at 06:27:57PM -0500, Daniel Beard wrote:
> Okay I have one last question just so I'm clear. Does DES_bs encrypt a key
> to a DES hash or attempt to decrypt a DES hash to find a key candidate?

Neither, and this is not specific to the implementation.

Assuming that we're talking about the DES-based crypt(3), it applies DES
as follows.  The password is used as the DES encryption key.  The data
to be encrypted is 0 (a 64-bit block of all zero bits).  25 iterations
of salt-modified DES are used to encrypt this block.  The resulting
"encrypted" block is used as a hash of the password.

Thus, in DES terms, the key is not being encrypted.

What John does is:

1. For each DES-based hash loaded for cracking, the ASCII encoding is
reversed and the DES final permutation is undone.

2. For each candidate password, it is setup as a DES key, and 25
iterations of salt-modified DES are used to encrypt the all-zeroes block.
Then, without doing final permutation, the result is compared against
hashes loaded for cracking (and pre-processed as described above).

Thus, the initial and final permutations of DES are not performed in the
main cracking loop at all.  First, there's no point in permuting the 64
zero bits.  Then, each iteration's final permutation would be reversed
by the next iteration's initial permutation.  Finally, the final
iteration's final permutation is undone at loading of the hashes.

With a bitslice implementation, we actually produce a large number of
password hashes at once (for different candidate passwords), and usually
we compare them against the hashes loaded for cracking indirectly
(either with the logarithmic time algorithm in DES_bs_cmp_all() or with
hash table lookups, where we use partial hashes as indices).

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ