Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 18 Jan 2006 13:15:18 -0800
From: arias@...-g.net
To: john-users@...ts.openwall.com
Subject: Re:  Re: salt manipulation

Radim,

Thank you for the detailed explaination, most of which I had somewhat inferred reading the various dox regarding shadow, crypt(3), etc., but still appreciated nontheless.    I think I did a piss poor job in explaining my question, which is not to say that you didn't answer it somewhere in your reply regardless, however I'll take another shot to explain my circumstances so I may have the clarity to see the incongruous nature of the salts that seem to make things horrifically difficult. :)

For the sake of simplicity let's say i have two password files, each containing precisely one entry each (root), that live on machines of exactly identical architecture.  Each has a hash string containing identical salts that represent an 8 character password of type Alpha.  For example: 


root:BAwwEI4sOsa8k:0:0:Root,,,:/:/bin/sh    -machine A


root:BAPhQBwB0JjUM:0:0:Root,,,:/:/bin/sh    -machine B


After running john for some time, john guesses correctly machine B's password.

BAPhQBwB0JjUM :  RnrfFdnc



Since the encrypted DES 13 character ascii string is obtained from a 56 bit key comprised from the lowest seven bits of each of the 8 characters of the password, and both ecrypted DES 13 character ascii strings share the same salt (BA) in this case, would this not then be of potential to refine the guesswork for machine A's 13 character ascii string?

Or are you saying that despite sharing the salt's alpha notation of letter B and letter A in both instances, that they represent completely different values?  I'm not sure I see how that is the case if the encrypted strings are obtained by the same means ... namely by the 56 bit key that repeatedly encrypts a string constant obtained from the 7 lowest bits of the actual password.


Is any of this making any sense?



Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ