[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Jun 2012 23:41:37 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: For some dynamic formats on linux-x86-mmx build cracking
depends on password candidate sequence
I am sure you are right and I bet you nail it before we can even
reproduce it. Just go on and you'll end up with a fix!
magnum
On 2012-06-29 23:32, Frank Dittrich wrote:
> On 06/29/2012 01:33 PM, Frank Dittrich wrote:
>> limiey (u48-dynamic_2)
>> hhello__1 (u170-dynamic_2)
>> summer__3 (u293-dynamic_2)
>> �utle�t__1 (u407-dynamic_2)
>
> $ grep -n "^limiey$" pw.dic pw.dic.orig
> pw.dic:5761:limiey
> pw.dic.orig:58:limiey
>
> $ grep -n "^hhello__1$" pw.dic pw.dic.orig
> pw.dic:5633:hhello__1
> pw.dic.orig:186:hhello__1
>
> $ grep -n "^summer__3$" pw.dic pw.dic.orig
> pw.dic:5505:summer__3
> pw.dic.orig:314:summer__3
>
> $ LC_ALL=C grep -n "^.*utle.*t__1$" pw.dic pw.dic.orig |grep -v ":o"
> pw.dic:5377:�utle�t__1
> pw.dic.orig:442:�utle�t__1
>
> This can't be just a coincidence.
> These 4 (previously uncracked) passwords are located at these offsets in
> the (reversed) pw.dic:
>
> 5761 = 45 * 128 + 1
> 5633 = 44 * 128 + 1
> 5505 = 43 * 128 + 1
> 5377 = 42 * 128 + 1
>
> 128 happens to be MAX_KEYS_PER_CRYPT for my linux-x86-mmx build.
>
> If I append --mkpc=[1|2|...|126|127] to the command line, all 1500
> passwords get cracked using (the reversed) pw.dic.
>
> ../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in
> --wordlist=pw.dic --mkpc=126
>
> (I just tried those 4 values (1, 2, 126, 127), and everytime I crack all
> 1500 passwords.
>
> With
> ../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in
> --wordlist=pw.dic --mkpc=128
>
> I crack 1496 again.
>
> May be this is a clue where to look.
>
> But: for my linux-x86-clang build (Algorithm name: 128/128 SSE2
> intrinsics 8x4x4), max. keys per crypt is 128 as well, but here I got a
> different number of passwords that were not cracked.
>
> When I try the --mkpc=127 trick with clang, the remaining 18 passwords
> get cracked as well.
>
> Remaining 18 password hashes with no different salts
> HookFish__10 (u905-dynamic_2)
> �word�ish__3 (u779-dynamic_2)
> Sword��sh__3 (u778-dynamic_2)
> flasjkdfw__7 (u659-dynamic_2)
> asdfasfga__7 (u658-dynamic_2)
> good to KN0W__5 (u533-dynamic_2)
> characters__5 (u532-dynamic_2)
> �utle�t__1 (u407-dynamic_2)
> PIII__4 (u406-dynamic_2)
> pentium__4 (u405-dynamic_2)
> summer__3 (u293-dynamic_2)
> gobble__3 (u292-dynamic_2)
> hhello__1 (u170-dynamic_2)
> out�eft (u169-dynamic_2)
> jus�m�size (u168-dynamic_2)
> limiey (u48-dynamic_2)
> swordfish (u47-dynamic_2)
> let�ein (u46-dynamic_2)
>
> For of these passwords are the same as for -mmx.
>
> A few others:
>
> $ grep -n "^HookFish__10$" pw.dic
> 4865:HookFish__10
> $ grep -n "^flasjkdfw__7$" pw.dic
> 5121:flasjkdfw__7
> $ grep -n "^good to KN0W__5$" pw.dic
> 5249:good to KN0W__5
>
> 4865 = 38 * 128 + 1
> 5121 = 40 * 128 + 1
> 5249 = 41 * 128 + 1
>
> But
> $ grep -n "^swordfish$" pw.dic
> 5762:swordfish
> $ grep -n "^asdfasfga__7$" pw.dic
> 5122:asdfasfga__7
> $ grep -n "^characters__5$" pw.dic
> 5250:characters__5
>
>
> 5762 = 45 * 128 + 2
> 5122 = 40 * 128 + 2
> 5250 = 41 * 128 + 2
>
> So, for the clang build not just the first candidate password of a new
> 128 passwords block is affected, but the first two passwords.
>
>
> Frank
>
Powered by blists - more mailing lists
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
