Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 10 Jul 2013 14:19:11 +0200
From: marcus.desto <marcus.desto@...pl>
To: john-dev@...ts.openwall.com
Subject: Re: PBKDF2 hash_out treatment

magnum,

I think I have found the problem.

It is the salt size. My reference input contained a salt with size 32. As I switched to 4 (your test input), the opencl implementation worked well with pyopencl.

Now. I tried different lengths of salt. Finally, I can confirm, that pbkdf2_hmac_sha1_unsplit_kernel.cl produces wrong hashes since length of the input salt string is >23.

I would like to mention that I did not convert the input strings to UTF-8.

In pbkdf2_hmac_sha1_unsplit_kernel.cl I set

#define KEYLEN 20
#define OUTLEN 87
#define SALTLEN 32

Remaining pbkdf2_hmac_sha1_unsplit_kernel.cl has not been modified, except

inline void pbkdf2(__global const uchar * pass, uint passlen,
                   __global const uchar * salt, uint saltlen, uint iterations,
                   __global uint * out, uint outlen)

into:

__kernel void pbkdf2(__global const uchar * pass, uint passlen,
                   __global const uchar * salt, uint saltlen, uint iterations,
                   __global uint * out, uint outlen)

because I am accessing the data not using struct.

Regards,
Marcus


Dnia 10 lipca 2013 14:09 marcus.desto <marcus.desto@...pl> napisał(a):

> Hello magnum,
> 
> 
> Dnia 10 lipca 2013 13:31 magnum <john.magnum@...hmail.com> napisał(a):
> 
> > On 10 Jul, 2013, at 12:21 , marcus.desto <marcus.desto@...pl> wrote:
> > > Hi Alexander,
> > 
> > That's not me :-)  My name is magnum (and only that - the "john" in my email address just refers to JtR).
> > 
> 
> Oh, right. I am sorry. Solar is Alexander.
> 
> > OK. I think pbkdf2_hmac_sha1_unsplit_kernel.cl is better for your intentions and I'm pretty sure it does support running just one iteration. I also think it will return a normal byte sequence and it should be trivial to unpack it to a standard hex string.
> 
> Yeah.
> 
> > 
> > Here's a test vector for pbkdf2-hmac-sha1 at one iteration:
> > 
> >      Input:
> >        P = "password" (8 octets)
> >        S = "salt" (4 octets)
> >        c = 1
> >        dkLen = 20
> > 
> >      Output:
> >        DK = 0c 60 c8 0f 96 1f 0e 71
> >             f3 a9 b5 24 af 60 12 06
> >             2f e0 37 a6             (20 octets)
> > 
> > I take it your intention is to get that as a hex string of "0c60c80f961f0e71f3a9b524af6012062fe037a6", right?
> 
> Yes.
> 
> > 
> > Please post a complete python program, as short/clean as possible, that just calculates this hard-coded test vector and prints the output, first using some prefab Python CPU function, and then (trying to) using pbkdf2_hmac_sha1_unsplit_kernel.cl. I'm sure we can help you get it straight from there.
> > 
> > magnum
> > 
> 
> Alright, thanks. Please, refer to the attachment.
> 
> Marcus

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.