Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Aug 2015 00:05:35 +0300
From: Solar Designer <>
Subject: Re: 7z's KDF is unsalted (was: Re: Formats using non-SIMD SHA2 implementations)

On Tue, Aug 18, 2015 at 10:59:43PM +0200, magnum wrote:
> On 2015-08-18 10:52, magnum wrote:
> >On another note, it seems 7z is actually unsalted within the KDF. So one
> >could make extremely effective Rainbow tables for it.
> Issue #1679, PR #1681.
> We now take advantage of this. Almost on par with mschapv2 and netntlmv1 :-)
> $ ../run/john -test -form:7z
> Will run 8 OpenMP threads
> Benchmarking: 7z, 7-Zip (512K iterations) [SHA256 AES 32/64]... (8xOMP) DONE
> Speed for cost 1 (iteration count) of 524288
> Many salts: 7876 c/s real, 1085 c/s virtual
> Only one salt:  42.1 c/s real, 5.5 c/s virtual
> For each additional salt, we can skip the (very heavy) KDF and only do 
> the AES checks. The speedup for 500 salts is "only" 187x here, we can 

In other words, one can crack passwords to 500 unrelated 7-Zip archives
in only 2.7x the effort of cracking password to one archive (and we can
optimize this further).  Correct?

> probably boost it even more (eg. re-tune OMP_SCALE and/or optimizing the 
> AES checks, which hasn't been any priority until now). I think we use 
> AES-NI (if available) already but this should be verified too.
> This is not merged to bleeding-jumbo yet, I made a PR for Lei to decide 
> how to handle.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.