Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Wed, 18 Jan 2006 23:40:40 +0000 (UTC)
From:  Radim Horak <yesbody@...nam.cz>
To: john-users@...ts.openwall.com
Subject:  Re: salt manipulation

 <arias@...> writes:

> For the sake of simplicity let's say i have two password files, each 
containing precisely one entry each
> (root), that live on machines of exactly identical architecture.  Each has a 
hash string containing
> identical salts that represent an 8 character password of type Alpha.  For 
example: 
> 
> root:BAwwEI4sOsa8k:0:0:Root,,,:/:/bin/sh    -machine A
> 
> root:BAPhQBwB0JjUM:0:0:Root,,,:/:/bin/sh    -machine B
> 
> After running john for some time, john guesses correctly machine B's password.
> 
> BAPhQBwB0JjUM :  RnrfFdnc
> 
> Since the encrypted DES 13 character ascii string is obtained from a 56 bit 
key comprised from the lowest
> seven bits of each of the 8 characters of the password, and both ecrypted DES 
13 character ascii strings
> share the same salt (BA) in this case, would this not then be of potential to 
refine the guesswork for
> machine A's 13 character ascii string?

> Or are you saying that despite sharing the salt's alpha notation of letter B 
and letter A in both instances,
> that they represent completely different values?  I'm not sure I see how that 
is the case if the encrypted
> strings are obtained by the same means ... namely by the 56 bit key that 
repeatedly encrypts a string
> constant obtained from the 7 lowest bits of the actual password.
> 
> Is any of this making any sense?
> 

As I said earlier: Cracking password with certain hash (BA) helps in NO WAY to 
crack different password with the same salt. Moreover, if you are cracking only 
1 password, it is irrelevant if it uses salt or not. And the machine and it's 
architecture is also irrelevant. Salts do NOT reduce complexity, they increase 
it.

The salt string "BA" is not encrypted independently, it is not encrypted at all. 
It is just used to change the password (those 8 characters) before encryption. 

I can generate hash with BA salt from ANY password and that's why it does NOT 
get me one step closer to the second uncracked password - it could be anything.
(ie. BAJ1ztYH0JZkM: anything, BAEtYMKB40o5E: 4NYtH|N6 :)

IF salts were helpful in cracking passwords, anybody could generate any password 
with all 4096 salts (hashes) - and he would then SOMEHOW crack all other 
passwords more easily??? This is complete NONSENS!

In your example you can only guess the second password more easily if it's 
similar to the first password (ie. based on the knowledge of this person's 
strategy on creating passwords) AND if you know in what way they are similar. 
The shared salt has nothing to do with it.

And, btw. I think the proper hash of "RnrfFdnc" with "BA" salt is 
"BA8wXEAXrXU9Y" :)

-Radim

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ