Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 29 Aug 2006 14:32:59 +0200 (CEST)
From: rembrandt@...erlin.de
To: john-users@...ts.openwall.com
Subject: Re: Using a pre-computed list of alphanumeric 
     strings. (not rainbow tables)

> Why would you have to generate that for every salt? When you have a word
> list, its just plain text dictionary file, and John uses that.
>
> I guess I overlooked something.....when I was cracking NT hashes with
> pre-generated rainbow tables.... I could do it fast and effectively
> because
> the hash could be broken into two 7 char strings, so really you are only
> cracking 7 chars at a time....a MUCH smaller list then having a table of
> all
> possible 14char alphanumeric combinations....
>
> Thanks.

Because somebody mentioned the space needed to store "Rainbowtables":
This space can get reduced dramaticly using the "right" compression
algorithm.

I will (again) mention LZMA because it compresses REALY awesome.
But except of "words" I`ll show you a example:

godfather $ du -h phatbot_current_source.tar.lzma
7.0M    phatbot_current_source.tar.lzma
godfather $ time lzmash -d phatbot_current_source.tar.lzma
    0m4.63s real     0m1.77s user     0m0.42s system
godfather $ du -h phatbot_current_source.tar
182M    phatbot_current_source.tar

This is the PhatBot (aka Agobot3) Sourcecode including A LOT variants and
plugins and foo. As you can see I`m able to compress it down to 7MB.

Comparing lzma to gzip and bzip2:

godfather $ gzip -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.gz
57.8M   phatbot_current_source.tar.gz
godfather $ time gunzip phatbot_current_source.tar.gz
    0m12.83s real     0m1.12s user     0m0.30s system
godfather $ bzip2 -9 phatbot_current_source.tar
godfather $ du -h phatbot_current_source.tar.bz2
52.4M   phatbot_current_source.tar.bz2
godfather $ time bunzip2 phatbot_current_source.tar.bz2
    0m19.24s real     0m12.33s user     0m0.32s system

Results (time) are maybe NOT correct because I have 2 running JtRs.
LZMA decompresses much faster then bzip2 but mostly a littlebit slower
(not very much, just a littlebit) then gzip.

I did not tested how long it takes to comrpess because for realy BIG files
you may need hours to compress it with LZMA.

Downsides of LZMA:

- You need a LOT RAM to compress with the "best" values (even I didn`t
  compressed it with the BEST values because I just have 2Gb).
- It may take hours to compress (depends to the original filesize)

Advantage:

- It decompresses much faster then bzip2
- It`s VERY useable for stuff you may compress ONCE but decompress/use a lot

Decompression enegine is about ~10kb so it wont make &your programm here&
that fat.

And that LM can get splitted into 7 char blocks is right and this means
you just need a rainbowtable up to 7 Chars because a PW of about 12 chars
gets splitted into 7+5 and should get brocken absolutly fast.

So conclusion: It makes sense to may even enable JtR to use Rainbowbooks,
at least for such weak algorithms.
It will become kinda useless for Blowfish or maybe even MD5 but for DES/LM
it may makes sense (combinated with a good compression).

Kind regards,
Rembrandt


-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ