[<prev] [next>] [thread-next>] [day] [month] [year] [list]
```Date: Wed, 11 Apr 2012 16:17:56 +0800
From: myrice <qqlddg@...il.com>
To: john-dev@...ts.openwall.com
Subject: Reverse steps for single round sha(sha-1, sha256/384/512)

Hi, all

It is possible to do some steps reverse in single round hash, for example,
in sha-512, message is less than 1024 bits. I am currently working on
XSHA512 for Mac Lion OS. The maximum length of password is 107(107*8 <
1024). Here is my initial idea of reverse.
Currently, we first compare first 64 bit of hashes. The code likes(Please
refer to cuda/xsha512.cu for more details):

initial H[0..7]; a..h = H[0..7]*    for* i *from* 0 to 79
t1 := ...
t2 := ...
h := g
g := f
f := e
e := d + t1
d := c
c := b
b := a
a := t1 + t2
H += a

For cipher text which is H` append H` append .... H`;
1) H`[0..7] -= H[0..7], we get a80, b80, c80...h80. These means a, b...h in
(i=79)
2) Please see code above, the b80 = a79, c80 = b79, d80 = c79,
e80=d79+t1_80. However, we don't know t1_80, so stop here.
3) And b79 = a78, c79 = b78, d79 = c78 ... b78 = a77, c78 = b77, d78 = c77
4) Focus on d80, d80 = c79 = b78 = a77 = t1_77+t2_77. We don't know t1_77
and t2_77

For now, we can compute to 77th iteration and compare a77 with d80.

Any ideas about it? I think t1 and t2 are main reasons for us to reverse
more steps.

Thanks!
Dongdong Li

Content of type "text/html" skipped
```

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.