Date: Wed, 19 Aug 2015 00:05:35 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: 7z's KDF is unsalted (was: Re: Formats using non-SIMD SHA2 implementations) On Tue, Aug 18, 2015 at 10:59:43PM +0200, magnum wrote: > On 2015-08-18 10:52, magnum wrote: > >On another note, it seems 7z is actually unsalted within the KDF. So one > >could make extremely effective Rainbow tables for it. > > Issue #1679, PR #1681. > > We now take advantage of this. Almost on par with mschapv2 and netntlmv1 :-) > > $ ../run/john -test -form:7z > Will run 8 OpenMP threads > Benchmarking: 7z, 7-Zip (512K iterations) [SHA256 AES 32/64]... (8xOMP) DONE > Speed for cost 1 (iteration count) of 524288 > Many salts: 7876 c/s real, 1085 c/s virtual > Only one salt: 42.1 c/s real, 5.5 c/s virtual > > For each additional salt, we can skip the (very heavy) KDF and only do > the AES checks. The speedup for 500 salts is "only" 187x here, we can In other words, one can crack passwords to 500 unrelated 7-Zip archives in only 2.7x the effort of cracking password to one archive (and we can optimize this further). Correct? > probably boost it even more (eg. re-tune OMP_SCALE and/or optimizing the > AES checks, which hasn't been any priority until now). I think we use > AES-NI (if available) already but this should be verified too. > > This is not merged to bleeding-jumbo yet, I made a PR for Lei to decide > how to handle. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.