Date: Thu, 26 Jul 2012 01:16:51 +0100 From: magnum <john.magnum@...hmail.com> To: "john-dev@...ts.openwall.com" <john-dev@...ts.openwall.com> Subject: Re: mscash2 / hmac-md5 ambiguity We can't solve the underlying problem. How would we? If you can think of a solution just name it. magnum On 26 jul 2012, at 00:09, Alexander Cherepanov <cherepan@...me.ru> wrote: > On 2012-07-24 03:57, magnum wrote: >> On 2012-07-23 23:19, Alexander Cherepanov wrote: >>> On 2012-07-23 14:46, magnum wrote: >>>> On 2012-07-23 11:47, Alexander Cherepanov wrote: >>>>> mscash2 hashes in their canonical form are nevertheless accepted as >>>>> hmac-md5: >>>>> >>>>> $ cat mscash2.john >>>>> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff >>>>> $ john mscash2.john >>>>> Warning: detected hash type "mscash2", but the string is also recognized >>>>> as "hmac-md5" >>>>> Use the "--format=hmac-md5" option to force loading these as that type >>>>> instead >>>>> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1 >>>>> [128/128 SSE2 intrinsics 8x]) >>>>> guesses: 0 time: 0:00:00:02 0.00% (2) c/s: 339 trying: 123456 - >>>>> abc123 >>>>> Session aborted >>>>> $ john --format=hmac-md5 mscash2.john >>>>> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x]) >>>>> guesses: 0 time: 0:00:00:02 0.00% (3) c/s: 1120K trying: 123man - >>>>> 123mah >>>>> Session aborted >>>>> >>>>> IMHO that's not very good. >>>> >>>> It was much worse until we forced hmac-md5 to lower precedence than >>>> mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash, >>>> with a salt of "$DCC2$10240#chatelain". >>> >>> Were these forms chosen for compatibility with other tools? I mean it's >>> a pity to have a special, canonical form for a hash which clashes with >>> other formats. >> >> It does not really clash, it just warns. It picks mscash2, emits the >> notice and all is fine. Is it that bad? I loved when core got this feature. > > Problem is not in the warning itself. The warning is helpful. The problem is what it warns about. > > Suppose that Korelogic will include hmac-md5 in the upcoming contest. Then you cannot load these hashes without --format. > > Second problem: you cannot put both types of hashes in one file. Wouldn't it be better to have only one file with all hashes? I mean, to have one file instead of 20 is very convenient. Then you can select desirable part of it with --format. But this is impossible when there are collisions in canonical forms of given types of hashes. > >>>> We can stop this by >>>> black-listing certain format salts. That's OK with me but in some way >>>> it's a flawed path. >>> >>> Agreed. >> >> Just thinking out loud here: Let's say we could teach the hmac-MD5 >> format that "it" should not emit that warning if the salt starts with >> $DCC2$10240# - as opposed to always reject it in valid(). In the >> (unlikely) case this was really a hmac salt, we could still use the hmac >> format using --format. If we don't, it will pick mscash2 and not >> complain. The only problem with this approach is it's not supported by >> the current core and I'm not sure how we could implement that... or... >> perhaps hmac-md5's valid() could take a peek at options.format (the >> --format argument) and behave differently if unset... maybe this is >> possible. I might try that some time. > > You mean to just silence the warning? I don't think it should be done without solving underlying problem. > > -- > Alexander Cherepanov >
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.