Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 31 Dec 2012 04:41:49 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Formats dmg, encfs and strip crash on longer passwords

On 29 Dec, 2012, at 0:24 , magnum <john.magnum@...hmail.com> wrote:
> On 28 Dec, 2012, at 19:17 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
>> On 12/28/2012 06:21 PM, Dhiru Kholia wrote:
>>> What should be the max password length (which actually works) for
>>> formats using your pbkdf2 code?. Can it be increased?
> 
> I believe Lukas' limit is 16. I increased it for my GPU code (current git version of wpapsk-opencl and krb5pa-sha1-opencl) because the imposed limit made no gain and I hate limiting our supported lengths for no reason. There might be valid reasons to do it in the CPU code, I'm not sure (but I can't think of any). My limits are dictated by SHA1 block sizes: max salt length 52 and max plaintext length 64.

I have now modified Lukas' pbkdf2-hmac-sha1 so it can handle a max. length of 64. Affected formats: agilekeychain, wpapsk, dmg, encfs, keychain, krb5pa-sha1, strip - as well as CUDA and OpenCL versions of them.

Most of these formats had bugs - they tried to use longer passwords than the code could handle. Even the new self-test did not catch all of them. I hope everything is correct now. There should really be no performance drop but I saw some on CPU. Probably more of a "coincidence" than anything else - the bottleneck is definitely not in the size or handling of the key buffer. It has nothing to do with the iterated hashing.

I see we have some formats that use Gladman's derive_key() instead. This is slower. I tried changing ODF to keychain.h and pbkdf2() and got a 60% boost but I'm not sure it supports all variants (if there are any?) so I did not commit that. Gladman's function has one more parameter and I'm not sure if it matters. I also tried SXC but got no boost, no idea why. Finally, I tried ZIP but that did not even pass self-test.

magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ