Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 8 Jun 2012 10:09:31 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Was: RE: [john-users] JtR to process the LinkedIn hash dump

I think I have this, BUT it will only be on jumbo-bleeding edge.  This fix
requires the get_source.

Here is what I did.  I still need to FULLY test, to make sure I did not bung
up any format self test, because I made  a code change there.  (NOPE,
getting cores, so  I need to still address this).

1. did this to fmt_self_test.  NOTE, I will probably do this, but check to
see if we are running sha1-LI

+		format->methods.set_key(current->plaintext, 0);
		if (strcmp(format->methods.get_source(&pw, Buf),
ciphertext)) 
			return "get_source";

2. I changed the split for raw-sha1_LI to jam 0000 to all ciphertext values.
So internally within JtR, ALL hashes now have 00000
3. within set_key, I track how many keys are valid (store the index into a
static var, so I know the 'max').
4. Within get_source(), I loop through all crypt values.  I do this ONLY if
that max_key is > 0.
5. in fmt_self_test, when get_source is called in raw-sha1_LI, that max_key
is always 0, so the replacement is not done during self test.

This should work.  It DOES cause this input file:

0000003ced2802e237e597f6a9d14e963206d6c3
aaaaaaaaaaaaaaaaaae597f6a9d14e963206d6c3
122b603ced2802e237e597f6a9d14e963206d6c3

To say there are only 2 hashes, and it properly finds the hash, but my code
at this time stores the wrong value (the 00000 one).  However, upon re-run,
it does say 2 loaded, only 1 left, which is correct.

I simply think I have to work around some issues to get it right.

BUT THIS will only work with a get_source.  I am only targeting bleeding at
this time. Once I get that fully working, I will change it into the
get_source patch for magnum-jumbo.

Note, the above 5 items (the >0) will cause self_test fails for non-sse
builds.  I may simply work around this by not putting the 00000's out into
the self test strings.    Without those 00000's then the self tests work,
because the breakage of the equation get_source() == split(prepare(orig)) is
not broken.

Jim.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.