Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 23 Aug 2012 18:01:55 -0400 (EDT)
From: jfoug@....net
To: john-dev@...ts.openwall.com
Subject: RFC dynamic changes:  Was: RE: [john-users] Is there any patch to
 crack MySQL Network auth?

Ok, here is the issues:

1. changes to get all 4 functions working (append2 to 1, 2 to 2, 1 to 1) 
for 16 byte hashes (md4/md5) is pretty easy.
2. changes to all other formats are not quite as simple, and here is 
where I would like some feedback.

Currently all 'larger' hash formats, perform a crypt, and fully write 
the results to 'some' buffer (1 or 2).  They may append, or they may 
overwrite.  However, there is no access to the original raw crypt 
buffer.  This may sound limiting, but actually, almost all formats one 
can think of can be designed under these limitations.

Also, the current dynamic ONLY is able to support a simple function call 
of:  void pFunc(void).  Thus, there is little that can be done, other 
than writing more functions.

However, for this, I was thinking of adding a few special functions 
which do setup behavior properties, of these larger hash functions.

Here are the existing functions available to SHA224 (all of them, SHA1, 
SHA224, ... WHIRLPOOL, GOST, etc, are the same) :

extern void DynamicFunc__SHA224_crypt_input1_append_input2_base16();
extern void DynamicFunc__SHA224_crypt_input2_append_input1_base16();
extern void DynamicFunc__SHA224_crypt_input1_overwrite_input1_base16();
extern void DynamicFunc__SHA224_crypt_input2_overwrite_input2_base16();
extern void DynamicFunc__SHA224_crypt_input1_overwrite_input2_base16();
extern void DynamicFunc__SHA224_crypt_input2_overwrite_input1_base16();
extern void DynamicFunc__SHA224_crypt_input1_to_output1_FINAL();
extern void DynamicFunc__SHA224_crypt_input2_to_output1_FINAL();

What I was thinking of doing is this

1. keep the above functions (depricated).  The _FINAL() are kept as is.
2. Building new functiosn:

extern void DynamicFunc__SHA224_crypt_input1_append_input2();
extern void DynamicFunc__SHA224_crypt_input2_append_input1();
extern void DynamicFunc__SHA224_crypt_input1_overwrite_input1();
extern void DynamicFunc__SHA224_crypt_input2_overwrite_input2();
extern void DynamicFunc__SHA224_crypt_input1_overwrite_input2();
extern void DynamicFunc__SHA224_crypt_input2_overwrite_input1();

3. each of the large hash types would have their own 'set' of the above 
functions.
4. create these new functions which set a global, that changes the 
behavior of these functions (not md4/md5 only the longer hashes)

extern void DynamicFunc__LargeHash_OUTMode_base16();
extern void DynamicFunc__LargeHash_OUTMode_base16u();
extern void DynamicFunc__LargeHash_OUTMode_base64();
extern void DynamicFunc__LargeHash_OUTMode_raw();


base16 would be the 'default'  each new crypt() call would start out 
with.  So to do a raw sha256($p)^4 (4 raw sha's back to back), one would 
issue:

DynamicFunc__LargeHash_OUTMode_raw
DynamicFunc__clean_input
DynamicFunc__append_keys
DynamicFunc__clean_input2
DynamicFunc__SHA224_crypt_input1_append_input2
DynamicFunc__clean_input
DynamicFunc__SHA224_crypt_input2_append_input1
DynamicFunc__clean_input2_kwik
DynamicFunc__SHA224_crypt_input1_append_input2
DynamicFunc__SHA224_crypt_input2_to_output1_FINAL


What are others thoughts on this?   Can someone think of a better way to 
do this.  I really do not want to add an extra 6 dynamic function 
primative functions to each 'large' hash type. Only to have to add 
another 6 later, for upper case hex, then another 6 (EACH) for base64, 
then another 6 for some other type, etc, etc, etc.   This method, while 
being a 2 step method, and also making the primatives more complex, does 
scale better, IMOH.  But I am 100% open to other / better ideas.

Jim.


> From: "jfoug" <jfoug@....net>
>
> This is not a simple fix. I am not sure I would be able to get this 
> out for
> the current jumbo, but can get changes in to a future version.  Yes, 
> the
> only 'raw' methods work with fixed md5 (md4) sized crypt buffers.
>
>> From: Solar Designer [mailto:solar@...nwall.com]
>>
>> Jim -
>>
>> On Wed, Aug 22, 2012 at 09:06:07PM +0400, Aleksey Cherepanov wrote:
>>> On Wed, Aug 22, 2012 at 07:48:10PM +0400, Vladimir Vorontsov wrote:
>>>> Need to brute that:
>>>> SHA1(salt + SHA1(SHA1($password)))
>>>
>>> I guess you could use dynamic for that (doc/DYNAMIC in jumbo).
>>
>> I briefly looked into implementing this as a dynamic, however we 
>> appear
>> to lack the needed dynamic functions currently (as of 1.7.9-jumbo-6).
>> Specifically, I couldn't find a way to reuse raw (as opposed to
>> hex-encoded) output of SHA-1 for another SHA-1 computation.
>>
>> Please help implement this dynamic for 1.7.9-jumbo-6 or confirm that
>> this is not currently possible (and make it possible in a later
>> version).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.