Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 12 Aug 2015 21:26:01 +0800
From: Lei Zhang <zhanglei.april@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Formats using non-SIMD SHA2 implementations


> On Jul 20, 2015, at 7:18 PM, magnum <john.magnum@...hmail.com> wrote:
> 
> On 2015-07-19 11:35, Lei Zhang wrote:
>> 
>>> On Jul 19, 2015, at 11:04 AM, Lei Zhang <zhanglei.april@...il.com> wrote:
>>> 
>>> I have no clear idea which formats rely on SHA2 just from their names, except for a few apparent ones (e.g. rawSHA256_fmt_plug.c). Could you give me some hints about that?
>> 
>> I used this command to find formats that use OpenSSL's SHA2 functions but not JtR's SIMD implementation:
>> 
>> $ grep -E 'SHA256_Update|SHA512_Update' *.c -l | xargs grep SIMD -L
> 
> I tried a different grep and ended up with mostly the same list (sha0 is just a false positive of course).
> 
> $ git grep -lE "ALGORITHM_NAME.*SHA[- ]?[235]"|grep -vE "opencl|cuda"|xargs grep -L SIMD
> 7z_fmt_plug.c
> clipperz_srp_fmt_plug.c
> dragonfly3_fmt_plug.c
> dragonfly4_fmt_plug.c
> episerver_fmt_plug.c
> keepass_fmt_plug.c
> pdf_fmt_plug.c
> rawSHA0_fmt_plug.c
> 
> The dragonfly formats are not very interesting. I guess the 7z format would be appreciated but it's tricky with different length candidates in a batch. I'm not sure about the others.

Now I just finished episerver. I took a close look at the rest of the formats in that list, and found a few 'technical' issues.

- For 7z, keepass and pdf, there's AES encryption involved at some step of hashing (and also RC4 in pdf). But so far we don't have a SIMD implementation of AES (or RC4). I'm not sure how to handle this.

- In clipperz, the salt has a maximum length of 128 byte, which is beyond the size of a single input block for SHA256. I've seen flags like SSEi_2BUF_INPUT and SSEi_4BUF_INPUT. I guess I'll have to quadruple the size the vector buffer to accommodate the salt ?

- The dragonflys seem quite straightforward to me. But they are not interesting ?


Lei

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.