Date: Thu, 23 Aug 2012 18:01:55 -0400 (EDT) From: jfoug@....net To: john-dev@...ts.openwall.com Subject: RFC dynamic changes: Was: RE: [john-users] Is there any patch to crack MySQL Network auth? Ok, here is the issues: 1. changes to get all 4 functions working (append2 to 1, 2 to 2, 1 to 1) for 16 byte hashes (md4/md5) is pretty easy. 2. changes to all other formats are not quite as simple, and here is where I would like some feedback. Currently all 'larger' hash formats, perform a crypt, and fully write the results to 'some' buffer (1 or 2). They may append, or they may overwrite. However, there is no access to the original raw crypt buffer. This may sound limiting, but actually, almost all formats one can think of can be designed under these limitations. Also, the current dynamic ONLY is able to support a simple function call of: void pFunc(void). Thus, there is little that can be done, other than writing more functions. However, for this, I was thinking of adding a few special functions which do setup behavior properties, of these larger hash functions. Here are the existing functions available to SHA224 (all of them, SHA1, SHA224, ... WHIRLPOOL, GOST, etc, are the same) : extern void DynamicFunc__SHA224_crypt_input1_append_input2_base16(); extern void DynamicFunc__SHA224_crypt_input2_append_input1_base16(); extern void DynamicFunc__SHA224_crypt_input1_overwrite_input1_base16(); extern void DynamicFunc__SHA224_crypt_input2_overwrite_input2_base16(); extern void DynamicFunc__SHA224_crypt_input1_overwrite_input2_base16(); extern void DynamicFunc__SHA224_crypt_input2_overwrite_input1_base16(); extern void DynamicFunc__SHA224_crypt_input1_to_output1_FINAL(); extern void DynamicFunc__SHA224_crypt_input2_to_output1_FINAL(); What I was thinking of doing is this 1. keep the above functions (depricated). The _FINAL() are kept as is. 2. Building new functiosn: extern void DynamicFunc__SHA224_crypt_input1_append_input2(); extern void DynamicFunc__SHA224_crypt_input2_append_input1(); extern void DynamicFunc__SHA224_crypt_input1_overwrite_input1(); extern void DynamicFunc__SHA224_crypt_input2_overwrite_input2(); extern void DynamicFunc__SHA224_crypt_input1_overwrite_input2(); extern void DynamicFunc__SHA224_crypt_input2_overwrite_input1(); 3. each of the large hash types would have their own 'set' of the above functions. 4. create these new functions which set a global, that changes the behavior of these functions (not md4/md5 only the longer hashes) extern void DynamicFunc__LargeHash_OUTMode_base16(); extern void DynamicFunc__LargeHash_OUTMode_base16u(); extern void DynamicFunc__LargeHash_OUTMode_base64(); extern void DynamicFunc__LargeHash_OUTMode_raw(); base16 would be the 'default' each new crypt() call would start out with. So to do a raw sha256($p)^4 (4 raw sha's back to back), one would issue: DynamicFunc__LargeHash_OUTMode_raw DynamicFunc__clean_input DynamicFunc__append_keys DynamicFunc__clean_input2 DynamicFunc__SHA224_crypt_input1_append_input2 DynamicFunc__clean_input DynamicFunc__SHA224_crypt_input2_append_input1 DynamicFunc__clean_input2_kwik DynamicFunc__SHA224_crypt_input1_append_input2 DynamicFunc__SHA224_crypt_input2_to_output1_FINAL What are others thoughts on this? Can someone think of a better way to do this. I really do not want to add an extra 6 dynamic function primative functions to each 'large' hash type. Only to have to add another 6 later, for upper case hex, then another 6 (EACH) for base64, then another 6 for some other type, etc, etc, etc. This method, while being a 2 step method, and also making the primatives more complex, does scale better, IMOH. But I am 100% open to other / better ideas. Jim. > From: "jfoug" <jfoug@....net> > > This is not a simple fix. I am not sure I would be able to get this > out for > the current jumbo, but can get changes in to a future version. Yes, > the > only 'raw' methods work with fixed md5 (md4) sized crypt buffers. > >> From: Solar Designer [mailto:solar@...nwall.com] >> >> Jim - >> >> On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote: >>> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote: >>>> Need to brute that: >>>> SHA1(salt + SHA1(SHA1($password))) >>> >>> I guess you could use dynamic for that (doc/DYNAMIC in jumbo). >> >> I briefly looked into implementing this as a dynamic, however we >> appear >> to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6). >> Specifically, I couldn't find a way to reuse raw (as opposed to >> hex-encoded) output of SHA-1 for another SHA-1 computation. >> >> Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that >> this is not currently possible (and make it possible in a later >> version).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.