Date: Wed, 11 Apr 2012 16:17:56 +0800 From: myrice <qqlddg@...il.com> To: john-dev@...ts.openwall.com Subject: Reverse steps for single round sha(sha-1, sha256/384/512) Hi, all It is possible to do some steps reverse in single round hash, for example, in sha-512, message is less than 1024 bits. I am currently working on XSHA512 for Mac Lion OS. The maximum length of password is 107(107*8 < 1024). Here is my initial idea of reverse. Currently, we first compare first 64 bit of hashes. The code likes(Please refer to cuda/xsha512.cu for more details): initial H[0..7]; a..h = H[0..7]* for* i *from* 0 to 79 t1 := ... t2 := ... h := g g := f f := e e := d + t1 d := c c := b b := a a := t1 + t2 H += a For cipher text which is H` append H` append .... H`; 1) H`[0..7] -= H[0..7], we get a80, b80, c80...h80. These means a, b...h in (i=79) 2) Please see code above, the b80 = a79, c80 = b79, d80 = c79, e80=d79+t1_80. However, we don't know t1_80, so stop here. 3) And b79 = a78, c79 = b78, d79 = c78 ... b78 = a77, c78 = b77, d78 = c77 4) Focus on d80, d80 = c79 = b78 = a77 = t1_77+t2_77. We don't know t1_77 and t2_77 For now, we can compute to 77th iteration and compare a77 with d80. Any ideas about it? I think t1 and t2 are main reasons for us to reverse more steps. Thanks! Dongdong Li Content of type "text/html" skipped
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.