Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 1 Feb 2013 21:22:51 +0400
From: Solar Designer <>
Subject: Re: NTLMv1 and MSCHAPv2 (was: NetNTLMv1)

On Fri, Feb 01, 2013 at 05:58:44PM +0100, magnum wrote:
> Fixed. I have also merged the same exploit and SIMD code to MSCHAPv2. That format is very similar - in JtR all main functions are identical except get_salt() so this was very wasy. Actually we should wrap them in the same source file so we don't need to incorporate the same optimizations to both formats in the future.


I think a similar trick may be possible for NetLM as well - in fact, I
think that's what mudge's examples from the 1997 posting found by
Alexander were about.  I just don't have time and desire to look into it
myself now - but you may. ;-)

Here's a concern about these optimizations, though: they slow down the
loading, which may be nasty if someone is cracking a very large number
of C/R pairs at once.  I think the 32k DES encryptions with OpenSSL's
code on one CPU core may be taking about 10 ms, which means a loading
speed of 100 C/R pairs per second.  With 1 million to load, that's 3 hours.
Is it realistic that someone will have this many?

Should we possibly print a warning when we determine that the number of
C/R pairs is 100 or larger?  Should we provide an alternative mode -
like the code we had before? some way to invoke John to crack the 3rd
DES blocks only and record the 16-bit results for reuse by subsequent

Another concern: when the number of responses per challenge is very
large, these optimizations may actually be slowing things down, because
we're no longer providing hash functions with larger than 16-bit output.
Is it realistic that someone would have millions of responses for the
same challenge?  Perhaps if a fixed challenge is provided in an active

I think the typical case is having only a relatively small number of C/R
pairs, though.  If so, our changes speed things up a lot.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.