Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 31 Jan 2013 08:34:18 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: DMG (was: dmg2john)

On Thu, Jan 31, 2013 at 5:17 AM, magnum <john.magnum@...hmail.com> wrote:
> On 30 Jan, 2013, at 18:54 , Milen Rangelov <gat3way@...il.com> wrote:
>> In the header structure, there is a member,  uint32_t kdf_iteration_count which holds the iteration count. I've never seen a dmg file having iteration count different than 1000, but you could check that if the image has different parameters. I am very interested in the results as well since I have also fixed 1000 iterations.
>
> Ah, thanks. How did you ever get the idea to hard code that!?

I failed to anticipate this change in iteration count. My recent
attempts to debug this format were proving useless because I had
overlooked this (simple) fact.

> Bad news: The iterations count in my test files varies a little and it's not even numbers, but it's over 200,000 (how many SHA-1's is that per candidate, for a key length of 32? About 800,000 I think?). That's a good bump from 1000. At first this did not seem correct (still did not crack) but when I dumped the resulting plaintext I could see lots of consecutive zeros when the right key is used, so this is actually right. Over 200 times slower than older versions.
>
> So I added a known-plain test of "8 consecutive nulls" and voila, my test files can be cracked

I am maintaining sample / test .dmg files at
https://github.com/kholia/VileFault/tree/master/tests

Can you please add "failing" test files in that repository?

> When I incorporated the same to the OpenCL format I noticed that it did not support v1 hashes at all although its valid() did not reject them. I really hope we don't have more such bad things in unstable. I made it up to par with CPU code.

My bad :(

> Anyway, please test. Try old files, new files, different kinds of formats, encryption types, partition tables and so on. I bet we need even more known plains to test for in order to get every kind of them. This format needs its own README stating its limitations.

Yes, I agree with you. I can work on writing this README file.

-- 
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.