Date: Sat, 7 Apr 2012 16:23:56 +0400 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: Mac OS X keychains and FileVault On Sat, Apr 07, 2012 at 05:32:12PM +0530, Dhiru Kholia wrote: > On Sun, Apr 1, 2012 at 11:34 AM, Solar Designer <solar@...nwall.com> wrote: > > http://www.ucc.asn.au/~matt/src/ - extractkeychain-0.1.tar.gz > > Does this work with current version of OS X key-chains? I have no idea, but I guess that it does. I found it much later than I stopped playing with cracking a keychain. > If yes, this > will be the most promising option for developing a JtR plug-in. Yes. > > http://www.georgestarcher.com/?page_id=256 - crowbarDMG, crowbarKC > > It looks like this tool too uses OS X internal calls (people have > complained about its speed). Maybe. However, the speed won't be very high even if we implement our own crypto - per BLOBFORMAT, there's PBKDF2 with 1000 iterations. > I also found a new tool : osx-keychain-brute > (http://mirror.transact.net.au/pub/sourceforge/p/project/po/potaru-pentest/, > no sources though). Looks like it calls SecKeychainUnlock function. > Claimed speed is 500 k/s. Sounds unrealistic to me. "FEATURES ADDED - Every 500 passwords the current word is shown to the user" This seems to imply a fairly low speed - much like what I was getting. Oh, I also triggered a memory leak (somewhere in a library used by securityd, IIRC) in the original OS X 10.5 by running that attack. My 1 GB RAM MacBook would fail in 1-2 days of running the attack. I reported this to Apple at the time, so hopefully it's fixed by now. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.