Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 19 Jun 2018 12:26:42 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: CAST5 GPU cracking

On Mon, Jun 18, 2018 at 07:35:51PM +0000, crack.cast5@...mail.net wrote:
> Now I am using 2.6.3.

> [ec2-user@ run]$ ./gpg2john newold.asc

> [ec2-user@ run]$ cat >newold_out.txt

I suggest that going forward you don't copy-paste this, but instead run
gpg2john with output redirected to the file:

./gpg2john newold.asc > newold_out.txt

> Cost 2 (hash algorithm [1:MD5 2:SHA1 3:RIPEMD160 8:SHA256 9:SHA384  
> 10:SHA512 11:SHA224]) is 0 for all loaded hashes

Well, at least this is wrong (cost value not among the listed options)
and probably indicates we have a bug in there.  However, the below fix
alone doesn't result in the password getting cracked.

$ git diff
diff --git a/src/gpg_common_plug.c b/src/gpg_common_plug.c
index 0cbfb36..c787f71 100644
--- a/src/gpg_common_plug.c
+++ b/src/gpg_common_plug.c
@@ -891,6 +891,8 @@ void *gpg_common_get_salt(char *ciphertext)
        psalt->usage = atoi(p);
        p = strtokm(NULL, "*");
        psalt->hash_algorithm = atoi(p);
+       if (!psalt->hash_algorithm)
+               psalt->hash_algorithm = HASH_MD5;
        p = strtokm(NULL, "*");
        psalt->cipher_algorithm = atoi(p);
        if (!psalt->symmetric_mode) {

Cost 2 (hash algorithm [1:MD5 2:SHA1 3:RIPEMD160 8:SHA256 9:SHA384 10:SHA512 11:SHA224]) is 1 for all loaded hashes

So there's probably more for us to fix to support PGP keys this old.

Thanks,

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ