Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 30 Sep 2015 22:39:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kerberoast for John

On 30/09/15 09:25, Michael Kramer wrote:
>
> Am Montag, 28. September 2015 22:59 CEST, magnum <john.magnum@...hmail.com> schrieb:
>
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>
>>> module uses.
>>
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>
> I've encluded three test vectors now. It seems to work this time.
>
>>
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>>
>> There are many bugs ;-) I think you need to do the following, for a starter:
>>
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>
> Done that.
>
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
>
> Done that as well.
>
>> 3. Adjust everything accordingly. Drop the binary_hash/get_hash
>
>> functions (use fmt_default_* in the format struct).
>
> Done that as well :)
>
>> 4. Replace <openssl/rc4.h> with "rc4.h" (a local file in the tree)
>
> If I replace this I get a segmentationfault. With the openssl/rc4.h it works. Any idea why that occurs?
>
>> Also, you should rename src/kirbi_export.py to run/kirbi2john.py per our
>> conventions.
>
> I've renamed and edited the license for the python script as well.
>
> Attached you'll find the salt-only module and the renamed Python script.
>
> But the bug I encountered before is still there. After 17 hours I get 500p/s...

Thanks! I committed your patch as-is and then made significant changes 
and enhancements in a separate commit:
https://github.com/magnumripper/JohnTheRipper/commit/05e5146
https://github.com/magnumripper/JohnTheRipper/commit/00bd1bb

On a core i5 laptop, speed went from 80K to 116K single-thread, and to 
368K "many-salts" speed running 4 threads (HT).

You were using OpenSSL EVP, which is slow and not thread-safe. I bet 
that bug was because of that, so it was probably squashed in the process.

To get a snapshot of bleeding-jumbo with this format, use:
https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.tar.gz

magnum

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.