Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Sat, 31 Dec 2011 15:08:24 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: SSE/intrinsics for sapB/sapG [was: john-users]

On 12/31/2011 02:47 PM, magnum wrote:
> On 12/31/2011 02:27 PM, magnum wrote:
>> On 12/31/2011 04:30 AM, jfoug@....net wrote:
>>>> Jim, Simon, how would I do a crypt of between 56 and 63 bytes? Is this
>>>> not possible? Can we actually only do 0-55 *or* 64-119 bytes?
>>>
>>> To encrypt 56 bytes, do this:
>>>
>>> 1. set the 56 bytes, then set 0x80 as the 57th, and null out the rest.
>>> Do the sha.
>>> 2. create another buffer. NULL the entire buffer, but put 56<<3 into
>>> the length location (last 8 bytes, BE format, I think).
>>> 3. perform sha on this, using the results of step 1 as the init seed.
>
> For 56-59 bytes we can do the above. For 60 bytes, I presume we put all
> of them in the first buffer but the 0x80 in the second. For 61-63 bytes
> we also need to put the last couple of bytes in the second buffer.

That presumtion was wrong. I'm starting to get this straight now. We can 
actually do the described procedure for 56-63 bytes and for any of those 
lengths, the 0x80 fits in the first buffer and the second buffer is all 
nulls except for the length byte.

For exactly 64 bytes, the 0x80 obviously comes first thing in the second 
buffer.

> I suppose the figures are sligthly different for MD4 and MD5, where the
> length byte is placed at 14*4 instead of 15*4?

Perhaps not. It will be exactly the same, right?

I think all coins fell down now :) but we should document this on the 
wiki. Now, at least it's in the list archives!

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.