Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 17 Apr 2011 02:05:51 +0200
From: magnum <>
Subject: MS formats optimisations (was [john-users] New format: MS Kerberos!)

On 2011-04-10 16:55, magnum wrote:
> Performance is not very impressive, it's OpenSSL.

After having time to actually understand my copy-paste-hack better I 
have realised the above is not true. It uses Solar's md4 and md5 and a 
hmac_md5 originally from the Samba project, altered by JoMo-Kun so it 
uses Solar's md5 routines. It does use OpenSSL's RC4 but that doesn't 
even show up in profiling so it's not a problem.

In revision 12 of my patch I have optimised that hmac_md5 a little. It 
was very inefficient, like first memsetting everything to zero, then 
setting everything to something else. This also affected LMv2 and NETLMv2.

Anyway, in set_key() we produce an ordinary NT hash from the plaintext. 
This also applies to NETNTLM, NETLMv2, NETNTLMv2. I wonder if this would 
benefit from applying a modified copy of crypt_all_generic (or even 
something arch specific) from NT_fmt.c? That one saves the last steps to 
cmp_exact (or _one) so it can't be used as-is but I think I could puzzle 
it together. But I'm not sure if it would perform that much better than 
the current raw md4 when just producing one NT hash at a time as opposed 
to a bunch of them?

NETLM and MSCHAPv2 has a similar "problem" in that their set_key() need 
to produce an LM hash from the plaintext. These ones currently do use 
OpenSSL. Maybe some of John's own DES code could be used there? I have 
tried to digest it but there are optimisations and stuff that probably 
makes it unusable as is? Like with the NT hashes, we really need a 
proper hash, not a john-proprietary binary.

Any thoughts are welcome.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.