Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 28 Jul 2015 14:57:02 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: multiformats, (ab)use of salt in 'gost' format

On Sun, Jul 19, 2015 at 01:56:12PM +0300, Aleksey Cherepanov wrote:
> Recently I discovered that 'gost' format has salt. Using it, it
> differentiates regular gost and cryptpro gost. These can be viewed as
> 2 formats with 1 algo and different sboxes. There are 2 format tags:
> 
> #define FORMAT_TAG		"$gost$"
> #define FORMAT_TAG_CP		"$gost-cp$"
> 
> So the 'salt' shows sboxes to use.
> 
> It can be generalized to multiformats: such formats that handle hashes
> of different formats as 1 format (even without any similarities
> between algorithms).
> 
> Multiformats may be interesting during contests to attack all fast
> hashes in 1 command (the idea is not mine, Solar Designer shared this
> idea after last hash runner). It would be something like --format=fast
> 
> Solar Designer pointed out to me that formats can assume that, when
> their init() is called, other formats are done(), so 2 formats can't
> be init()'ed in parallel.
> 
> Another approach to multiformats would be a wrapper that calls john
> several times.
> 
> Other ideas?

Salt is interesting: if we have hashes of both types, then we can go
ahead and hash each password by 2 algos claiming that we "generate" a
candidate.

Alexander Cherepanov just gave an awesome idea: having sha1($p) and
sha1(sha1($p), we can avoid separate computation of sha1($p). It
applies to all formats with similar beginning. Having sha1($p),
sha1(sha1($p)), md5($p), md5(md5($p), sha1(md5($p)) and md5(sha1($p)),
we can reduce 10 raw hashing ops to 6 raw hashing ops.

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ