Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 19 Aug 2015 00:25:01 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: 7z's KDF is unsalted (was: Re: Formats using non-SIMD SHA2 implementations)

On Tue, Aug 18, 2015 at 10:59:43PM +0200, magnum wrote:
> On 2015-08-18 10:52, magnum wrote:
> >On another note, it seems 7z is actually unsalted within the KDF. So one
> >could make extremely effective Rainbow tables for it.
> 
> Issue #1679, PR #1681.

I went to:

https://github.com/magnumripper/JohnTheRipper/issues/1679

and there you mention similarity to WPA-PSK.  But we don't have this for
WPA-PSK:

[solar@...er run]$ GOMP_CPU_AFFINITY=0-31 ./john -test -form=wpapsk
Will run 32 OpenMP threads
Benchmarking: wpapsk, WPA/WPA2 PSK [PBKDF2-SHA1 128/128 AVX 4x]... (32xOMP) DONE
Raw:    10645 c/s real, 334 c/s virtual

... or do we?  And folks are generating per-SSID rainbow tables for
WPA-PSK, treating it as salted for that purpose.

So what did you mean by mentioning WPA-PSK in the same context?

And doesn't the AES step prevent rainbow tables for 7-Zip (even if it
doesn't prevent the speedup you've now implemented)?

BTW, I brought this to Twitter:

https://twitter.com/solardiz/status/633748480561819648

Also, this might be CVE-worthy, similarly to eCryptfs:

http://www.openwall.com/lists/oss-security/2015/02/28/3

although that one was granted a CVE based on "the vendor" confirming
that they treat it as a vulnerability... so if you can get 7-Zip
upstream to treat it as a vulnerability and fix it (in a future
revision), then it'd also be CVE-worthy for the same reason.  Otherwise,
it's unclear.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.