Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 31 Dec 2012 06:32:41 +0100
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Formats dmg, encfs and strip crash on longer passwords

On 31 Dec, 2012, at 6:09 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:

> On Mon, Dec 31, 2012 at 9:52 AM, magnum <john.magnum@...hmail.com> wrote:
>> On 31 Dec, 2012, at 5:03 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>>> 4. ZIP files using AES 256-bit encryption require very long PBKDF2 output (upto 66 bytes). Can the new PBKDF2 code do this? Strangely the zip OpenCL handles this just fine!
>> 
>> As-is, it produces 40 bytes but only 32 are used. It can output up to 40 bytes with a super trivial modification. How do they do more, another bunch of iterations?
> 
> I just looked at zip_kernel.cl file and after reading it I have *no*
> clue how it outputs 66 bytes. However, I think it does output 66
> bytes. Can you take a look?

It's the 3x for loop plus 1x after it. Each big_hmac_sha1() does 1000 iterations and produces 20 bytes. So that kernel actually produce 80 bytes of output in 4000 iterations but only 66 are used.

I could change my kernel to be as flexible as Gladman's derive_key() but I'd have to be careful to keep it optimized.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.