Date: Wed, 19 Aug 2015 00:25:01 +0300 From: Solar Designer <solar@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: 7z's KDF is unsalted (was: Re: Formats using non-SIMD SHA2 implementations) On Tue, Aug 18, 2015 at 10:59:43PM +0200, magnum wrote: > On 2015-08-18 10:52, magnum wrote: > >On another note, it seems 7z is actually unsalted within the KDF. So one > >could make extremely effective Rainbow tables for it. > > Issue #1679, PR #1681. I went to: https://github.com/magnumripper/JohnTheRipper/issues/1679 and there you mention similarity to WPA-PSK. But we don't have this for WPA-PSK: [solar@...er run]$ GOMP_CPU_AFFINITY=0-31 ./john -test -form=wpapsk Will run 32 OpenMP threads Benchmarking: wpapsk, WPA/WPA2 PSK [PBKDF2-SHA1 128/128 AVX 4x]... (32xOMP) DONE Raw: 10645 c/s real, 334 c/s virtual ... or do we? And folks are generating per-SSID rainbow tables for WPA-PSK, treating it as salted for that purpose. So what did you mean by mentioning WPA-PSK in the same context? And doesn't the AES step prevent rainbow tables for 7-Zip (even if it doesn't prevent the speedup you've now implemented)? BTW, I brought this to Twitter: https://twitter.com/solardiz/status/633748480561819648 Also, this might be CVE-worthy, similarly to eCryptfs: http://www.openwall.com/lists/oss-security/2015/02/28/3 although that one was granted a CVE based on "the vendor" confirming that they treat it as a vulnerability... so if you can get 7-Zip upstream to treat it as a vulnerability and fix it (in a future revision), then it'd also be CVE-worthy for the same reason. Otherwise, it's unclear. Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.