Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 27 Jul 2012 02:57:22 +0400
From: Alexander Cherepanov <>
Subject: Re: mscash2 / hmac-md5 ambiguity

One solution is to add to hmac-md5 hashes some prefix like $HMAC-MD5$ or 
{HMAC-MD5}. BTW why there is none now?
(And stop accepting old form.)

Another solution is to change canonical representation for mscash2 in 
such a way that it's not accepted as other types. (Old form could still 
be accepted -- it doesn't hurt if we can just use new form.)

Alexander Cherepanov

On 2012-07-26 04:16, magnum wrote:
> We can't solve the underlying problem. How would we? If you can think of a solution just name it.
> magnum
> On 26 jul 2012, at 00:09, Alexander Cherepanov<>  wrote:
>> On 2012-07-24 03:57, magnum wrote:
>>> On 2012-07-23 23:19, Alexander Cherepanov wrote:
>>>> On 2012-07-23 14:46, magnum wrote:
>>>>> On 2012-07-23 11:47, Alexander Cherepanov wrote:
>>>>>> mscash2 hashes in their canonical form are nevertheless accepted as
>>>>>> hmac-md5:
>>>>>> $ cat mscash2.john
>>>>>> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff
>>>>>> $ john mscash2.john
>>>>>> Warning: detected hash type "mscash2", but the string is also recognized
>>>>>> as "hmac-md5"
>>>>>> Use the "--format=hmac-md5" option to force loading these as that type
>>>>>> instead
>>>>>> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1
>>>>>> [128/128 SSE2 intrinsics 8x])
>>>>>> guesses: 0  time: 0:00:00:02 0.00% (2)  c/s: 339  trying: 123456 -
>>>>>> abc123
>>>>>> Session aborted
>>>>>> $ john --format=hmac-md5 mscash2.john
>>>>>> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x])
>>>>>> guesses: 0  time: 0:00:00:02 0.00% (3)  c/s: 1120K  trying: 123man -
>>>>>> 123mah
>>>>>> Session aborted
>>>>>> IMHO that's not very good.
>>>>> It was much worse until we forced hmac-md5 to lower precedence than
>>>>> mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash,
>>>>> with a salt of "$DCC2$10240#chatelain".
>>>> Were these forms chosen for compatibility with other tools? I mean it's
>>>> a pity to have a special, canonical form for a hash which clashes with
>>>> other formats.
>>> It does not really clash, it just warns. It picks mscash2, emits the
>>> notice and all is fine. Is it that bad? I loved when core got this feature.
>> Problem is not in the warning itself. The warning is helpful. The problem is what it warns about.
>> Suppose that Korelogic will include hmac-md5 in the upcoming contest. Then you cannot load these hashes without --format.
>> Second problem: you cannot put both types of hashes in one file. Wouldn't it be better to have only one file with all hashes? I mean, to have one file instead of 20 is very convenient. Then you can select desirable part of it with --format. But this is impossible when there are collisions in canonical forms of given types of hashes.
>>>>> We can stop this by
>>>>> black-listing certain format salts. That's OK with me but in some way
>>>>> it's a flawed path.
>>>> Agreed.
>>> Just thinking out loud here: Let's say we could teach the hmac-MD5
>>> format that "it" should not emit that warning if the salt starts with
>>> $DCC2$10240# - as opposed to always reject it in valid(). In the
>>> (unlikely) case this was really a hmac salt, we could still use the hmac
>>> format using --format. If we don't, it will pick mscash2 and not
>>> complain. The only problem with this approach is it's not supported by
>>> the current core and I'm not sure how we could implement that... or...
>>> perhaps hmac-md5's valid() could take a peek at options.format (the
>>> --format argument) and behave differently if unset... maybe this is
>>> possible. I might try that some time.
>> You mean to just silence the warning? I don't think it should be done without solving underlying problem.
>> --
>> Alexander Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.