Date: Sat, 10 Aug 2013 23:30:14 +0200
From: Katja Malvoni <kmalvoni@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

Hi Alexander,

On Sat, Aug 10, 2013 at 2:48 PM, Solar Designer <solar@...nwall.com> wrote:

> Here's further advice on this: use $2a$00 hashes - that is, with only
> one iteration of the (otherwise) most costly loop.  These are not
> exactly valid bcrypt hashes (the original implementation imposes a
> minimum of 04 for the cost setting), yet you may use them for quicker
> testing, as well as to stress-test the host-Epiphany communication.
>

I did that and I can't make it fail... I used
http://git.musl-libc.org/cgit/musl/plain/src/crypt/crypt_blowfish.c to
generate $2a$00 hashes (removed the self test and commented out "if (setting[0]
!= '$' || ... || setting[6] != '$') return NULL;" in BF_crypt()). I
generated 5 million random strings, read them one by one and called BF_crypt()
with the setting "$2a$00$XXXXXXXXXXXXXXXXXXXXXO". Then I wrote the string and hash to a
new file. I used that file to compute and check hashes on Parallella. I
modified parallella_bf_fmt.c (added main, removed the get_hash, get_binary and
cmp functions, removed the valid function) and used the same Epiphany code as in
JtR. In main, the file that contains strings and hashes is read line by line.
64 lines are read (32 keys and 32 hashes), the keys are set and crypt_all is
called. After that, BF_decode() is used on the 32 correct hashes (generated
using crypt_blowfish.c) so that the correct hashes can be compared with the hashes
computed by Epiphany. Only one salt is used for all hashes and the first 64
bits are checked as in JtR.
I also tried keys longer than 72; it didn't fail. And I tried with 800000
hashes and other shorter tests, and it passed all of them.

Besides those, I also did tests using $2a$04$ hashes generated with
http://pythonhosted.org/passlib/lib/passlib.hash.bcrypt.html. Most of the tests
were short; the longest one had 80000 hashes. In this case all salts were
different and the same hash was computed on every Epiphany core to check
whether all cores return the same result.

Since it hasn't failed yet, I guess I'm not testing it like I should.

Katja
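
The pieces such a harness needs, as an added example that is not code from this thread, from crypt_blowfish.c or from JtR: bcrypt's own base64 alphabet and bit packing (the same table and packing crypt_blowfish.c uses), a parser for a "$2a$NN$" + salt + hash line with an adjustable minimum cost standing in for the commented-out setting check, and the leading-64-bit comparison. The function and struct names and the min_cost argument are this example's own; the "U*U" string in main is the standard crypt_blowfish test vector. The example decodes and compares reference hashes; it does not compute bcrypt itself.

```c
/* Added example, not code from the thread, from crypt_blowfish.c or from JtR:
 * the pieces a harness like the one described above needs to turn a reference
 * hash line into bytes and compare a computed result against it.
 * BF_itoa64 is bcrypt's own alphabet; it is not the RFC 4648 base64 one. */
#include <stdio.h>
#include <string.h>

#define BF_SALT_BYTES 16  /* 22 chars encode the 128-bit salt */
#define BF_HASH_BYTES 23  /* 31 chars encode 23 of the 24 ctext bytes */
#define BF_SALT_CHARS 22
#define BF_HASH_CHARS 31
static const char BF_itoa64[] =
    "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

struct bf_hash {
    int cost;
    unsigned char salt[BF_SALT_BYTES];
    unsigned char hash[BF_HASH_BYTES];
};

/* One alphabet character to its 6-bit value, or -1 if it is not in the table. */
static int bf_atoi64(int c)
{
    const char *p = c ? strchr(BF_itoa64, c) : NULL;
    return p ? (int)(p - BF_itoa64) : -1;
}

/* Decode exactly `size` bytes (4 chars -> 3 bytes). 0 on success, -1 on a bad char. */
int bf_decode(unsigned char *dst, const char *src, int size)
{
    unsigned char *end = dst + size;
    int c1, c2, c3, c4;
    do {
        if ((c1 = bf_atoi64(*src++)) < 0 || (c2 = bf_atoi64(*src++)) < 0) return -1;
        *dst++ = (unsigned char)((c1 << 2) | ((c2 & 0x30) >> 4));
        if (dst >= end) break;
        if ((c3 = bf_atoi64(*src++)) < 0) return -1;
        *dst++ = (unsigned char)(((c2 & 0x0F) << 4) | ((c3 & 0x3C) >> 2));
        if (dst >= end) break;
        if ((c4 = bf_atoi64(*src++)) < 0) return -1;
        *dst++ = (unsigned char)(((c3 & 0x03) << 6) | c4);
    } while (dst < end);
    return 0;
}

/* Encode `size` bytes (no terminator written).  Returns the number of chars. */
int bf_encode(char *dst, const unsigned char *src, int size)
{
    const unsigned char *end = src + size;
    char *start = dst;
    unsigned int c1, c2;
    do {
        c1 = *src++;
        *dst++ = BF_itoa64[c1 >> 2];
        c1 = (c1 & 0x03) << 4;
        if (src >= end) { *dst++ = BF_itoa64[c1]; break; }
        c2 = *src++;
        c1 |= c2 >> 4;
        *dst++ = BF_itoa64[c1];
        c1 = (c2 & 0x0F) << 2;
        if (src >= end) { *dst++ = BF_itoa64[c1]; break; }
        c2 = *src++;
        c1 |= c2 >> 6;
        *dst++ = BF_itoa64[c1];
        *dst++ = BF_itoa64[c2 & 0x3F];
    } while (src < end);
    return (int)(dst - start);
}

/* Parse "$2a$NN$" + 22 salt chars + 31 hash chars (newline already stripped).
 * min_cost is the knob that admits the $2a$00 test hashes (pass 0);
 * crypt_blowfish.c itself insists on 4.  Returns 0, or -1 on any format error. */
int bf_parse(struct bf_hash *out, const char *s, int min_cost)
{
    if (strlen(s) != 7 + BF_SALT_CHARS + BF_HASH_CHARS) return -1;
    if (s[0] != '$' || s[1] != '2' || s[2] != 'a' || s[3] != '$') return -1;
    if (s[4] < '0' || s[4] > '3' || s[5] < '0' || s[5] > '9' || s[6] != '$') return -1;
    out->cost = (s[4] - '0') * 10 + (s[5] - '0');
    if (out->cost < min_cost || out->cost > 31) return -1;
    if (bf_decode(out->salt, s + 7, BF_SALT_BYTES) != 0) return -1;
    return bf_decode(out->hash, s + 7 + BF_SALT_CHARS, BF_HASH_BYTES);
}

/* The check the message describes: only the leading 64 bits of the computed
 * 23-byte result are compared with the reference.  1 = match, 0 = mismatch. */
int bf_cmp64(const unsigned char *computed, const unsigned char *reference)
{
    return memcmp(computed, reference, 8) == 0;
}

/* Stand-alone demo on the well-known crypt_blowfish test vector for "U*U". */
int main(void)
{
    struct bf_hash h;
    if (bf_parse(&h, "$2a$05$CCCCCCCCCCCCCCCCCCCCC.E5YPO9kmyuRGyh0XouQYb4YMJKvyOeW", 4) != 0)
        return 1;
    printf("cost %02d, first hash byte 0x%02x\n", h.cost, h.hash[0]);
    return 0;
}
```

Running bf_decode on each reference line and bf_cmp64 against the Epiphany output reproduces the first-64-bit check; since only 8 of the 23 bytes take part, a match there does not show that the remaining 15 agree, so a harness that wants to catch a core that gets only the tail of the result wrong should compare all 23 bytes (or re-encode with bf_encode and compare the 31-character string) in addition.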

