Date: Sun, 24 Jun 2012 05:24:31 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Oracle Bitslice conversion completed

Hi Piyush,

On Sat, Jun 23, 2012 at 06:47:57AM +0530, Piyush Mittal wrote:
> I have completed Oracle Bit Slice conversion. It's running correctly using
> linux-x86-64avx mode on my machine.

"Passing self-test" and "running correctly" are distinct things.
Self-test is primarily meant to catch miscompiles and such.  It might
not catch major design errors, and it sometimes misses implementation
bugs as well.  For example, it is possible to have a format that will be
comparing 0's against 0's regardless of its test vectors, and it might
pass self-test.

Right now, your code merely passes self-test.  Congratulations!
Seriously, this is a fine milestone to be at, but it's far from having
the "conversion completed".

Your code does not yet run correctly.  If you put those same test
vectors in files:

$ cat pw
O$SIMON#4F8BC1809CB2AF77
O$SIMON#C4EB3152E17F24A4
O$SYS#C648972D2BE43FA4
O$BOB#b02c8e79ed2e7f46
$ cat w
A
TST
H4X0R
LAPIN

and run John with your patch on them:

$ ./john -w=w pw
Loaded 4 password hashes with 3 different salts (Oracle BS [oracle])
guesses: 0  time: 0:00:00:00 DONE (Sun Jun 24 05:07:27 2012)  c/s: 228 trying: A - LAPIN

the passwords don't get cracked.  Why not?  Or rather, why does the
self-test pass?  In fact, the latter is the question I asked myself as
soon as I saw your code - "this can't possibly work, why does it pass
self-test?"

Actually, let's take this a step back.  Why can't it possibly work?
Simple: you're only using one bit layer.  So it may work for one in 128
passwords (in an -x86-64-avx build, as you say), but not for the rest.
Well, except when only one bit layer actually matters.  This is in fact
the case for self-test: it tests one key index at a time, not all at
once.  However, why doesn't the self-test fail for indices other than 0?
That's because you spread the one bit layer to all of them inside
DES_bs_crypt_Oracle() with vst(..., z) and vst(..., o).  Mystery solved.

> Some documentation and final touch to code is left that I will send
> tomorrow.

You're still quite far from that final touch - and even if the code
worked, it'd need a lot more of a cleanup than a mere final touch - but
I am impressed nevertheless.

Thanks,

Alexander
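
The failure mode described in the message above, reduced to a model (an added example, not code from John the Ripper or from the patch under review): a self-test that checks one key index at a time cannot tell a correct bitslice key load from one that spreads a single key's bits across every lane, while a batch of distinct candidates can. The 8-bit toy hash, the 64-lane width and all function names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#define LANES 64 /* candidates hashed per call (128 in the mail's AVX build) */
/* Toy 8-bit stand-in for the real DES-based hash: scalar reference version. */
static uint8_t ref_hash(uint8_t k) {
    uint8_t l = k & 0xF, r = ((l >> 1) | (l << 3)) & 0xF;
    return (uint8_t)(k ^ ((l & r) << 4));
}
static uint8_t key(int j) { return (uint8_t)(j * 5 + 3); } /* constructed, distinct */
/* Same function bitsliced: v[i] holds bit i of all LANES candidates. */
static void bs_hash(uint64_t v[8]) {
    for (int i = 0; i < 4; i++) v[4 + i] ^= v[i] & v[(i + 1) % 4];
}
/* Correct load: bit i of candidate j goes to bit j of v[i].  Flawed load: only
   key(src), the key set last, is used, spread as all-0/all-1 vectors. */
static void load(int flawed, int src, uint64_t v[8]) {
    for (int i = 0; i < 8; i++) {
        v[i] = (flawed && ((key(src) >> i) & 1)) ? ~UINT64_C(0) : 0;
        for (int j = 0; !flawed && j < LANES; j++)
            v[i] |= (uint64_t)((key(j) >> i) & 1) << j;
    }
}
/* Hash one batch; count lanes lo..hi-1 whose output matches their own key. */
static int count(int flawed, int src, int lo, int hi) {
    uint64_t v[8];
    int ok = 0;
    load(flawed, src, v);
    bs_hash(v);
    for (int j = lo; j < hi; j++) {
        uint8_t h = 0;
        for (int i = 0; i < 8; i++) h |= (uint8_t)(((v[i] >> j) & 1) << i);
        ok += h == ref_hash(key(j));
    }
    return ok;
}
/* Self-test style: key idx is set, then only index idx is compared. */
static int selftest_ok(int flawed) {
    int ok = 0;
    for (int idx = 0; idx < LANES; idx++) ok += count(flawed, idx, idx, idx + 1);
    return ok;
}
/* Cracking-run style: LANES distinct candidates, every lane compared. */
static int batch_ok(int flawed) { return count(flawed, LANES - 1, 0, LANES); }
int main(void) {
    printf("self-test: correct=%d flawed=%d\n", selftest_ok(0), selftest_ok(1));
    printf("batch run: correct=%d flawed=%d\n", batch_ok(0), batch_ok(1));
    return 0;
}
```

Both loaders pass the per-index check at every index, but in the batch run the flawed loader matches only the lane of the key it spread. A test that fills all lanes with different candidates separates the two.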
