Date: Wed, 30 Sep 2015 22:39:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kerberoast for John

On 30/09/15 09:25, Michael Kramer wrote:
>
> On Monday, 28 September 2015 22:59 CEST, magnum <john.magnum@...hmail.com> wrote:
>
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>>> module uses.
>>
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>
> I've included three test vectors now. It seems to work this time.
>
>>
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>>
>> There are many bugs ;-) I think you need to do the following, for a starter:
>>
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>
> Done that.
>
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
>
> Done that as well.
>
>> 3. Adjust everything accordingly. Drop the binary_hash/get_hash
>> functions (use fmt_default_* in the format struct).
>
> Done that as well :)
>
>> 4. Replace <openssl/rc4.h> with "rc4.h" (a local file in the tree)
>
> If I replace this I get a segmentation fault. With the openssl/rc4.h it works. Any idea why that occurs?
>
>> Also, you should rename src/kirbi_export.py to run/kirbi2john.py per our
>> conventions.
>
> I've renamed and edited the license for the python script as well.
>
> Attached you'll find the salt-only module and the renamed Python script.
>
> But the bug I encountered before is still there.
> After 17 hours I get 500p/s...

Thanks! I committed your patch as-is and then made significant changes
and enhancements in a separate commit:

https://github.com/magnumripper/JohnTheRipper/commit/05e5146
https://github.com/magnumripper/JohnTheRipper/commit/00bd1bb

On a core i5 laptop, speed went from 80K to 116K single-thread, and to
368K "many-salts" speed running 4 threads (HT). You were using OpenSSL
EVP, which is slow and not thread-safe. I bet that bug was because of
that, so it was probably squashed in the process.

To get a snapshot of bleeding-jumbo with this format, use:
https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.tar.gz

magnum