john-dev - Re: mscash2 / hmac-md5 ambiguity

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Mon, 23 Jul 2012 12:46:15 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: mscash2 / hmac-md5 ambiguity

On 2012-07-23 11:47, Alexander Cherepanov wrote:
> mscash2 hashes in their canonical form are nevertheless accepted as
> hmac-md5:
> 
> $ cat mscash2.john
> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff
> $ john mscash2.john
> Warning: detected hash type "mscash2", but the string is also recognized
> as "hmac-md5"
> Use the "--format=hmac-md5" option to force loading these as that type
> instead
> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1
> [128/128 SSE2 intrinsics 8x])
> guesses: 0  time: 0:00:00:02 0.00% (2)  c/s: 339  trying: 123456 - abc123
> Session aborted
> $ john --format=hmac-md5 mscash2.john
> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x])
> guesses: 0  time: 0:00:00:02 0.00% (3)  c/s: 1120K  trying: 123man - 123mah
> Session aborted
> 
> IMHO that's not very good.

It was much worse until we forced hmac-md5 to lower precedence than
mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash,
with a salt of "$DCC2$10240#chatelain". We can stop this by
black-listing certain format salts. That's OK with me but in some way
it's a flawed path.

magnum

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.