Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Jan 2013 08:34:18 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: DMG (was: dmg2john)

On Thu, Jan 31, 2013 at 5:17 AM, magnum <john.magnum@...hmail.com> wrote:
> On 30 Jan, 2013, at 18:54 , Milen Rangelov <gat3way@...il.com> wrote:
>> In the header structure, there is a member,  uint32_t kdf_iteration_count which holds the iteration count. I've never seen a dmg file having iteration count different than 1000, but you could check that if the image has different parameters. I am very interested in the results as well since I have also fixed 1000 iterations.
>
> Ah, thanks. How did you ever get the idea to hard code that!?

I failed to anticipate this change in iteration count. My recent
attempts to debug this format were proving useless because I had
overlooked this (simple) fact.

> Bad news: The iterations count in my test files varies a little and it's not even numbers, but it's over 200,000 (how many SHA-1's is that per candidate, for a key length of 32? About 800,000 I think?). That's a good bump from 1000. At first this did not seem correct (still did not crack) but when I dumped the resulting plaintext I could see lots of consecutive zeros when the right key is used, so this is actually right. Over 200 times slower than older versions.
>
> So I added a known-plain test of "8 consecutive nulls" and voila, my test files can be cracked

I am maintaining sample / test .dmg files at
https://github.com/kholia/VileFault/tree/master/tests

Can you please add "failing" test files in that repository?

> When I incorporated the same to the OpenCL format I noticed that it did not support v1 hashes at all although its valid() did not reject them. I really hope we don't have more such bad things in unstable. I made it up to par with CPU code.

My bad :(

> Anyway, please test. Try old files, new files, different kinds of formats, encryption types, partition tables and so on. I bet we need even more known plains to test for in order to get every kind of them. This format needs its own README stating its limitations.

Yes, I agree with you. I can work on writing this README file.

-- 
Dhiru

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ