Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 24 Jul 2012 13:01:54 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: RE: Add support for cracking M$ Outlook's PST files

Here is a faster version. It uses the pkzip.h crc table, But still 'can' use
the pst-crc.h file also (just slower).

I changed the OMP scale, and scale of non OMP builds (Dhiru, for fast
hashes, you really need to change these, and stop using existing code you
did for slow formats).

For this code, there is a #define within crypt_all.  If that is set to 1,
your header file code is used. If set to 0 (where it is set now), the pkzip
code is used.

The only difference from 'normal' CRC32 (like in pkzip) and this PST crc, is
in the initialization, and lack of complement on ending.  But the crc poly
is the same, and this is trivial to setup to use the existing tables.   The
code was 'falsely' thinking that doing these CRC's 4 bytes at a time was
faster. It may be faster on longer strings, but on shorter stuff (like JTR
password cracking), the initial and post for loops slow things down beyond
the gains seen.

Here are my benches:

Original code with 1 for MAX_KEYS_PER_CRYPT
$ ../run/john -test=5 -form=pst
Benchmarking: PST custom CRC32 [32/32]... DONE
Raw:    15876K c/s real, 15908K c/s virtual

Original code, but with 256 for MAX_KEYS_PER_CRYPT
$ ../run/john -test=5 -form=pst
Benchmarking: PST custom CRC32 [32/32]... DONE
Raw:    22919K c/s real, 22970K c/s virtual

PST using the pkzip crc header macros (256 keys)
$ ../run/john -test=5 -form=pst
Benchmarking: PST custom CRC32 [32/32]... DONE
Raw:    33267K c/s real, 33296K c/s virtual

The CRC32 format. (as a reference)
$ ../run/john -test=5 -form=crc32
Benchmarking: CRC-32 [32/32]... DONE
Many salts:     65184K c/s real, 65200K c/s virtual
Only one salt:  33053K c/s real, 33037K c/s virtual

I think this 'could' be done in crc format, with salt of 00000000, but I
would have to check.  The complement may have messed things up.

I also did not include the changes needed to get this working with bleeding.
This is magnum-jumbo only.

Jim.

>On Tuesday, July 24, 2012 10:33 AM: Dhiru Kholia wrote,
>
>The attached patch (against magnum-jumbo branch) adds support for
>cracking M$ Outlook's PST files. In my experience, CRC32 (custom
>version) collisions can be generated in less than 15 minutes on AMD X3
>720 CPU (1 core).
>
>There is one warning in the code "pst-crc32.h:554:25: warning: cast from
>pointer to integer of different size" which needs fixing. magnum, Can
>you take a look?

Download attachment "0001-Add-support-for-cracking-M-Outlook-s-PST-files-v2.patch" of type "application/octet-stream" (1329 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.