Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 May 2011 02:05:41 +0200
From: magnum <>
Subject: Re: "excessive partial hash collisions detected" for mskrb5

On 2011-05-23 01:27, Solar Designer wrote:
> On Sun, May 22, 2011 at 11:47:21PM +0200, magnum wrote:
>> True, I have no binary_hash() or get_hash() functions. As far as I can
>> tell, there's just no way to implement them for this format. I think you
> This sounds right.
>> If not, maybe there should be a way to tell john that it should not emit
>> that warning for this format (and possibly some others)? Maybe just the
>> fact that I'm also using fmt_default_binary()?
> I think we can add a check for zero binary_size to loader.c - and not
> print the warning if so.

Yes, that sounds like a better idea.

> You could move from decryption (resulting in known plaintext) to
> encryption (of the known plaintext), then you could compare
> partial ciphertexts and compute hashes of those.  Moreover, you'd get
> rid of salts, for a huge speedup (when there's more than one of these
> non-hashes to crack).  But this might not be possible in your specific
> case (I haven't checked whether it is).  I think it depends on things
> such as block cipher mode used (should be possible for ECB, but not for
> chaining modes if plaintext for the preceding blocks is not known).

This may be possible. It's RC4. I will give this some more thought.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.