Date: Mon, 19 Aug 2013 01:58:09 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Parallella: bcrypt

On Mon, Aug 19, 2013 at 12:01:46AM +0400, Solar Designer wrote:
> On Sun, Aug 18, 2013 at 11:51:07PM +0400, Solar Designer wrote:
> > Triggered it again, saving pot files this time.  The missing
> > hash:password is:
> > 
> > $2a$04$112345678911234567891ut.qFr6.NeNDdZuUfBk5WAqRX93tRWSS:38954
> > 
> > (this time).  In case this is relevant:
> > 
> > $ echo $[38954%32]
> > 10
> > 
> > ... now to trigger this a few times more.
> 
> Two more:
> 
> $2a$04$112345678911234567891ur.oaCV2tDJHauGmoz3XARSRocAbQ0Ci:21542
> $2a$04$112345678911234567891uVnXpBKo1PxsBoYbrgOLkoMFF1zhBEeG:39883
> 
> These are 6 and 11 (mod 32).

And even more (different runs):

$2a$04$112345678911234567891uRg/fbu9EZHgvUadzNE4pGTLkEwttzty:30209
$2a$04$112345678911234567891uRPI0ng7O3BV4hUhIGqNi7gyKD7x5IJe:31945
$2a$04$112345678911234567891uhK92kL/3u4NTvd77St2BEZ0RJ7vkHU.:21030

That's 1, 9, 6 (mod 32).

And most curious:

49996g 0:00:00:45 1104g/s 1104p/s 2209c/s 27639KC/s 49984..49999

--- john.pot-2004       2013-08-18 20:49:31.542847499 +0000
+++ john.pot-2005       2013-08-18 20:50:18.904229807 +0000
@@ -4848,14 +4848,10 @@
 $2a$04$012345678901234567890u/i8Y7/xYFt9DZd0DYkxh60jgD1YsTny:4858
 $2a$04$012345678901234567890u2yRiEE8WsFXzxvrDiUVaCwRTQm6ZguW:4860
 $2a$04$012345678901234567890u.G7CVtlS.LpNoSUgBlS9w0kJ40UJWny:4862
-$2a$04$112345678911234567891u4o8k.PGqgCJIRrMZHe7b1T5B3hCAllW:4834
 $2a$04$112345678911234567891uk7k5RqHTPYjRGsKWNX7DOjRQKkiYHUC:4837
-$2a$04$112345678911234567891uyX7fANC2NhkCplNfQGJSSc35YFPCJTO:4841
 $2a$04$112345678911234567891uE3rGc.x1ksKl.hiqd9bgNIQqUu3r1a.:4844
-$2a$04$112345678911234567891uDCEIDJuHwsITwskWEST7KuzuueNrotC:4845
 $2a$04$112345678911234567891ugh4mgc25BcubuBA92rC9Zb5Z1sixiEy:4848
 $2a$04$112345678911234567891uwXt3vllXr/mz5IaQtDY4ItJd4v2lS6W:4849
-$2a$04$112345678911234567891uJ0T7PY2BNMYoGLxq/pcK98.l4eSE3oy:4850
 $2a$04$112345678911234567891uc5RjWf36ocOjJrkblDvEaF0T7K7Jhiq:4851
 $2a$04$112345678911234567891ucHWM4O.cKekIgRYOiUy.5qc.qJ7fJ9e:4853
 $2a$04$112345678911234567891uAknLHyDfauaTrN0X3kLEb9TznfNGvo2:4854

Looks like 4 hashes were not computed/processed correctly, all within
the same 32-password block.  These are 2, 9, 13, 18 (mod 32).

Also curious:

49998g 0:00:00:46 1076g/s 1076p/s 2153c/s 26939KC/s 49984..49999

but that's two separate 32-password blocks this time:

$2a$04$112345678911234567891uCbiXnq/I4.GHJ81jckowARk3MV4T2vq:33771
$2a$04$112345678911234567891u3vLPairuVgqHBY3JKpWbpg2GsyYXttS:45997

These are 11 and 13 (mod 32).

> So far all three have this in common: the second one of two salts, and
> the (mod 32) password numbers are all within the first half of a
> 32-password range.  (When generating these hashes, one of the two salts
> was chosen at random, without obvious correlation to hash number.  So
> these are two separate observations.)

This is still almost true for all observations so far, with the only
exception being 18 (mod 32), but it occurred in the same block with
2 (mod 32) also failing - and these two were computed on the same core
at the same time, if I understand correctly (the difference is 16).

All of the failures are consistently for the second one of the two salts
so far.

Alexander
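The bookkeeping the message does by hand (password number mod 32, first or second half of the block, which of the two salts, and which two failures in one block sit 16 apart and so would run on the same core together) can be automated over the `-` lines of a pot-file diff. The script below is an added example written for this page; it is not code from the thread or from John the Ripper. The twelve hash:password lines embedded in it are the missing entries quoted in the message; treating the numeric password as the candidate's ordinal, the 32-candidate block size and the 16-lane pairing are assumptions taken from the message's own reasoning.

```python
"""Offline analysis of bcrypt entries missing from a john.pot snapshot.

Added example, not code from the thread or from John the Ripper.  For each
failed hash:password line it computes the 32-candidate work block, the offset
inside that block, whether the offset is in the first half, which salt the
hash used, and which failing offsets in one block differ by exactly 16.
"""
import re
from collections import Counter, defaultdict

BLOCK = 32          # candidates per work block, as discussed in the thread (assumption)
LANES = BLOCK // 2  # offset distance the message treats as "same core, same time" (assumption)

# $2a$<cost>$<22-char salt><31-char digest>, all in bcrypt's own base64 alphabet
BCRYPT_RE = re.compile(r'^\$2[abxy]\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$')

# The twelve missing entries quoted in the message above (constructed input for this example).
MISSING_FROM_MESSAGE = [
    '$2a$04$112345678911234567891ut.qFr6.NeNDdZuUfBk5WAqRX93tRWSS:38954',
    '$2a$04$112345678911234567891ur.oaCV2tDJHauGmoz3XARSRocAbQ0Ci:21542',
    '$2a$04$112345678911234567891uVnXpBKo1PxsBoYbrgOLkoMFF1zhBEeG:39883',
    '$2a$04$112345678911234567891uRg/fbu9EZHgvUadzNE4pGTLkEwttzty:30209',
    '$2a$04$112345678911234567891uRPI0ng7O3BV4hUhIGqNi7gyKD7x5IJe:31945',
    '$2a$04$112345678911234567891uhK92kL/3u4NTvd77St2BEZ0RJ7vkHU.:21030',
    '$2a$04$112345678911234567891u4o8k.PGqgCJIRrMZHe7b1T5B3hCAllW:4834',
    '$2a$04$112345678911234567891uyX7fANC2NhkCplNfQGJSSc35YFPCJTO:4841',
    '$2a$04$112345678911234567891uDCEIDJuHwsITwskWEST7KuzuueNrotC:4845',
    '$2a$04$112345678911234567891uJ0T7PY2BNMYoGLxq/pcK98.l4eSE3oy:4850',
    '$2a$04$112345678911234567891uCbiXnq/I4.GHJ81jckowARk3MV4T2vq:33771',
    '$2a$04$112345678911234567891u3vLPairuVgqHBY3JKpWbpg2GsyYXttS:45997',
]


def parse_pot_line(line):
    """Split a 'hash:password' pot line into cost, salt, digest and password.

    The numeric password doubles as the candidate's ordinal (assumption that
    holds for the sequential numeric wordlist used in the thread).
    """
    hash_field, sep, password = line.strip().partition(':')
    if not sep:
        raise ValueError('not a hash:password line: %r' % line)
    m = BCRYPT_RE.match(hash_field)
    if not m:
        raise ValueError('not a bcrypt hash: %r' % hash_field)
    cost, salt, digest = m.groups()
    return {'cost': int(cost), 'salt': salt, 'digest': digest,
            'password': password, 'index': int(password)}


def analyze_failures(pot_lines):
    """Per failed line: salt, work block number, offset within the block, half."""
    rows = []
    for line in pot_lines:
        rec = parse_pot_line(line)
        idx = rec['index']
        rows.append({'password': rec['password'], 'salt': rec['salt'],
                     'block': idx // BLOCK, 'offset': idx % BLOCK,
                     'first_half': (idx % BLOCK) < LANES})
    return rows


def same_core_pairs(rows, lanes=LANES):
    """(block, offset, offset+lanes) for failures in one block exactly `lanes` apart."""
    by_block = defaultdict(set)
    for r in rows:
        by_block[r['block']].add(r['offset'])
    pairs = []
    for block in sorted(by_block):
        offs = by_block[block]
        for o in sorted(offs):
            if o + lanes in offs:
                pairs.append((block, o, o + lanes))
    return pairs


def summarize(pot_lines):
    """Collect the correlations the message checks by hand into one dict."""
    rows = analyze_failures(pot_lines)
    return {
        'count': len(rows),
        'salts': dict(Counter(r['salt'] for r in rows)),
        'distinct_blocks': len({r['block'] for r in rows}),
        'offsets': [r['offset'] for r in rows],
        'not_first_half': sorted(r['offset'] for r in rows if not r['first_half']),
        'same_core_pairs': same_core_pairs(rows),
    }


if __name__ == '__main__':
    for key, value in summarize(MISSING_FROM_MESSAGE).items():
        print('%-16s %s' % (key, value))
```

To use it on new runs, feed `summarize()` the `-` lines of `diff john.pot-<old> john.pot-<new>` (with the leading `-` stripped): a salt histogram with a single key, a `not_first_half` list that stays short, and any `same_core_pairs` hits are exactly the three observations the message is tracking, and a run that breaks any of them falsifies the pattern.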
