Date: Sun, 5 Aug 2012 09:39:44 -0400
From: Jeffrey Goldberg <jeffrey@...dmark.org>
To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com>
Subject: Re: Agilekeychain c/s oddly not dependent on PBKDFD2 iterations

It got fixed.  john had been using 1000 iterations irrespective of what was specified in agilekeychain. The discussion didn't make it to the list because (I think) a message I sent with an attachment didn't get posted. (Attachment was a sample with password on wordlist and more than 1000 iterations)

Dhiru's assumption that keychains were always created with 1000 iterations was a reasonable mistake given our documentation and that he was working from the Windows version. 

Cheers,

-j

Sent from my iPad

On Aug 5, 2012, at 2:00 AM, Solar Designer <solar@...nwall.com> wrote:

> Dhiru, Jeffrey -
> 
> Have we figured out what was going on here?  I think I never saw a reply
> from Dhiru on this.
> 
> Thanks,
> 
> Alexander
> 
> On Sun, Jul 29, 2012 at 01:37:08PM -0500, Jeffrey Goldberg wrote:
>> I created a 1Password Agile Keychain with the password "fred". 1Password created it with 20920 PBKDF2 iterations. Although "fred" is included in the password.lst, JtR (magnum-jumbo) failed to find it (if I am reading the output correctly).
>> 
>> ./john --wordlist=password.lst   -fo:agilekeychain-opencl ~/Work/AWS/JtR/fred-21000-agile-jtr.txt
>> OpenCL platform 0: Apple, 2 device(s).
>> Using device 0: Intel(R) Xeon(R) CPU           W3520  @ 2.67GHz
>> Compilation log: <program source>:304:16: warning: comparison of integers of different signs: 'int' and 'unsigned int'
>>        for (i = 0; i < keylen; i++)
>>                    ~ ^ ~~~~~~
>> 
>> Loaded 1 password hash (1Password Agile Keychain PBKDF2-HMAC-SHA-1 AES [OpenCL])
>> guesses: 0  time: 0:00:00:45 DONE (Sun Jul 29 13:13:06 2012)  c/s: 77.79  trying: 123456 - sss
>> 
>> I'm attaching 
>> 
>>  fred-21000-agile-jtr.txt
>> 
>> which is the output of running ./run/agilekc2john.py. Again the 1Password master password for this is "fred" (without the quotes).
>> 
>> I will try to create an agilekeychain with 1000 PBKDF2 iterations, but that requires an old version of 1Password. (More recent versions determine the number of iterations based on the hardware they are running on. There is no user control of these.)
>> 
>> Cheers,
>> 
>> -j
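
Added example, not part of the original thread and not John the Ripper's or 1Password's code: a wordlist check that ignores the stored PBKDF2 iteration count and assumes 1000 misses a correct password, while one that reads the count from the record finds it. The record layout, the salt, the word list and the HMAC check value (standing in for the AES step named in the format) are assumptions made for the illustration.

```python
import hashlib
import hmac

DKLEN = 32  # assumption: derived key length chosen for this illustration


def derive(password, salt, iterations):
    """PBKDF2-HMAC-SHA-1, the KDF named in the john output above."""
    return hashlib.pbkdf2_hmac("sha1", password.encode(), salt, iterations, DKLEN)


def make_record(password, salt, iterations):
    """Build a constructed record; this is not the agilekc2john.py format."""
    key = derive(password, salt, iterations)
    # Assumption: an HMAC tag replaces the AES validation step so the
    # example needs only the standard library.
    check = hmac.new(key, b"validation", hashlib.sha1).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def candidate_matches(record, candidate, iterations):
    key = derive(candidate, record["salt"], iterations)
    tag = hmac.new(key, b"validation", hashlib.sha1).digest()
    return hmac.compare_digest(tag, record["check"])


def crack(record, wordlist, fixed_iterations=None):
    """Return the matching word or None.

    Passing fixed_iterations reproduces the behaviour described in the
    thread: the count stored in the record is ignored.
    """
    for word in wordlist:
        its = fixed_iterations if fixed_iterations is not None else record["iterations"]
        if candidate_matches(record, word, its):
            return word
    return None


WORDLIST = ["123456", "password", "fred", "sss"]       # constructed word list
RECORD = make_record("fred", b"constructed-salt", 20920)  # constructed sample

if __name__ == "__main__":
    print("fixed 1000 iterations:", crack(RECORD, WORDLIST, fixed_iterations=1000))
    print("iterations from record:", crack(RECORD, WORDLIST))
```

A run with the hard-coded count reports no guess and finishes about as fast for a 20920-iteration record as for a 1000-iteration one, which is the same symptom as the c/s figure that did not depend on the iteration count.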
