[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 26 Jul 2012 01:16:51 +0100
From: magnum <john.magnum@...hmail.com>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: Re: mscash2 / hmac-md5 ambiguity
We can't solve the underlying problem. How would we? If you can think of a solution just name it.
magnum
On 26 jul 2012, at 00:09, Alexander Cherepanov <cherepan@...me.ru> wrote:
> On 2012-07-24 03:57, magnum wrote:
>> On 2012-07-23 23:19, Alexander Cherepanov wrote:
>>> On 2012-07-23 14:46, magnum wrote:
>>>> On 2012-07-23 11:47, Alexander Cherepanov wrote:
>>>>> mscash2 hashes in their canonical form are nevertheless accepted as
>>>>> hmac-md5:
>>>>>
>>>>> $ cat mscash2.john
>>>>> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff
>>>>> $ john mscash2.john
>>>>> Warning: detected hash type "mscash2", but the string is also recognized
>>>>> as "hmac-md5"
>>>>> Use the "--format=hmac-md5" option to force loading these as that type
>>>>> instead
>>>>> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1
>>>>> [128/128 SSE2 intrinsics 8x])
>>>>> guesses: 0 time: 0:00:00:02 0.00% (2) c/s: 339 trying: 123456 -
>>>>> abc123
>>>>> Session aborted
>>>>> $ john --format=hmac-md5 mscash2.john
>>>>> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x])
>>>>> guesses: 0 time: 0:00:00:02 0.00% (3) c/s: 1120K trying: 123man -
>>>>> 123mah
>>>>> Session aborted
>>>>>
>>>>> IMHO that's not very good.
>>>>
>>>> It was much worse until we forced hmac-md5 to lower precedence than
>>>> mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash,
>>>> with a salt of "$DCC2$10240#chatelain".
>>>
>>> Were these forms chosen for compatibility with other tools? I mean it's
>>> a pity to have a special, canonical form for a hash which clashes with
>>> other formats.
>>
>> It does not really clash, it just warns. It picks mscash2, emits the
>> notice and all is fine. Is it that bad? I loved when core got this feature.
>
> Problem is not in the warning itself. The warning is helpful. The problem is what it warns about.
>
> Suppose that Korelogic will include hmac-md5 in the upcoming contest. Then you cannot load these hashes without --format.
>
> Second problem: you cannot put both types of hashes in one file. Wouldn't it be better to have only one file with all hashes? I mean, to have one file instead of 20 is very convenient. Then you can select desirable part of it with --format. But this is impossible when there are collisions in canonical forms of given types of hashes.
>
>>>> We can stop this by
>>>> black-listing certain format salts. That's OK with me but in some way
>>>> it's a flawed path.
>>>
>>> Agreed.
>>
>> Just thinking out loud here: Let's say we could teach the hmac-MD5
>> format that "it" should not emit that warning if the salt starts with
>> $DCC2$10240# - as opposed to always reject it in valid(). In the
>> (unlikely) case this was really a hmac salt, we could still use the hmac
>> format using --format. If we don't, it will pick mscash2 and not
>> complain. The only problem with this approach is it's not supported by
>> the current core and I'm not sure how we could implement that... or...
>> perhaps hmac-md5's valid() could take a peek at options.format (the
>> --format argument) and behave differently if unset... maybe this is
>> possible. I might try that some time.
>
> You mean to just silence the warning? I don't think it should be done without solving underlying problem.
>
> --
> Alexander Cherepanov
>
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ