Date: Tue, 10 Apr 2012 20:09:56 +0530 From: Dhiru Kholia <dhiru.kholia@...il.com> To: john-dev@...ts.openwall.com, john-users@...ts.openwall.com Subject: Re: Mac OS X keychains and FileVault On Tue, Apr 10, 2012 at 12:01 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: > On Mon, Apr 9, 2012 at 11:10 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote: >> I have implement a JtR plug-in for cracking Mac OS X Keychain >> passwords based on extractkeychain-0.1. > > There is a bug in the current code which leads to large number of > false positives. The problem is that only checking padding bytes is > not enough to detect wrong passwords. Code to calculate and check > HMACSHA1 check sum needs to be figured out and implemented to get rid > of these false positives. extractkeychain-0.1 too does not implement > this check. There are two "enhancements" that can be done to ensure that the user password is detected correctly as wrong or right. Both of these check are described in BLOBFORMAT document. URL: http://opensource.apple.com/source/securityd/securityd-55111/doc/BLOBFORMAT?txt The following checks need to be implemented in JtR plug-in. 10. Verify that SHA1HMAC(DSK, TEMP3) == SIG (using VerifyMac) if fail then password is wrong. 11. Let DEK = Octets 20 though 44 of TEMP1 12. If DEK does not have odd parity in all octets then DBB is corrupt. http://opensource.apple.com/source/securityd/securityd-55111/doc/BLOBFORMAT?txt VerifyMac is used here : http://opensource.apple.com/source/securityd/securityd-55111/src/dbcrypto.cpp HMACSHA1 : http://www.koders.com/c/fidF9A73606BEE357A031F14689D03C089777847EFE.aspx ... Implementing these changes will require understanding securityd's working (by compiling and debugging securityd). This will require a Mac computer which I don't have access to. Can someone with a Mac take over the development of Keychain JtR plug-in from here? -- Cheers, Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.