Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Mon, 4 Mar 2013 19:23:39 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: dmg2john used and password cracked, hdiutil fails to accept it

On 4 Mar, 2013, at 8:06 , Milen Rangelov <gat3way@...il.com> wrote:

>> Are you using the same v1 test in hashkill btw? I'm not sure how we can
>> improve it without changing dmg2john so it stores data just like for v2.
>> 
>> 
> hashkill does the header parsing in the plugin itself. I had it hardcoded
> to 1000, then switched to getting the header's  iterations count and now
> again to 1000 for v1. I guess we can safely assume that v1 headers will
> always use 1000? I think v1 is not used anymore for a couple of osx
> versions back.

Yes, but I meant the verification during cracking. I don't quite get the apple_des3_ede_unwrap_key1() function in our format but it does not compare the decrypted stuff with anything known. It just rejects hashes when certain EVP decrypt calls return non-zero. I presume this means we are accepting any candidate that happens to pass the padding check? This should merely pose as early reject and we need more stringent tests following it.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.