Date: Mon, 21 Nov 2005 20:21:53 +0100 From: Michal Luczaj <regenrecht@...pl> To: john-users@...ts.openwall.com Subject: Lotus Notes/Domino "more secure" password Hello all, I was asked by Solar Designer to forward this mail here, so here it comes. As far as I know, Domino is able to use two algorithms for computing password hash. The first one (the older one) is just a digest of keyword. Digest function was provided by Jeff Fay and named "Lotus v5 Proprietary". With further optimisations done by bartavelle@...decon.com it is included in a jumbo patch - http://www.openwall.com/john/contrib/john-1.6.39-all-1.diff.gz . Second method was claimed by IBM to be "more secure" because of salt that complicated brute force attacks. As there is already JtR module for the first approach, I couldn't find anything that would suit my needs of cracking the "secure" option, which seems to be, well, modern standard. Ehm, installer default probably. So I've decided to write my own. It took me many days as binary code wasn't well documented, but finally I've managed to understand the way things work. The algorithm is: 1. Make 128bit digest of key. 2. Do bin2hex() of key digest and put braces around it. 3. Concat output of previous step to 5 bytes of salt. 4. Make 128bit digest of first 34 bytes (out of 39 bytes). 5. Compare first 10 bytes (out of 16) to check if the key was correct. I'm just a beginner and reverse engeneering hashing function was out of my reach. Happily, Domino designers are good people and hashing function SECCalcMessageDigest was exported from nnotes.dll/libnotes.so for any code reuse. So I wrote a JtR module and now it's available at JtR's contrib dir as john-1.6.39-domino-bis-1.diff.gz . (Yes, I know, badly written and ugly. Please, impove or rewrite it if you have any ideas.) When Solar Designer wrote me that depending on Lotus' binaries (they are free to download from IBM's web site; included in installation packages of Lotus Domino and Lotus Notes) is always a problem I've tried to use Jeff's code as a replacement for SECCalcMessageDigest. But it failed to give proper hash :( BUT! It occured that Jeff's hash function from jumbo patch is working great and gives correct digest, BUT! only for less than 16 bytes of data. Previously I didn't notice that, because my test-case password was 21 chars long. So I decided to contact Mr Fay (Nov 1st) at jeff//sdii/com and - after first mail bounced - at Jeff//patchadvisor/com. But got no reply at all till now (Nov 21st). I may not have working email address (all that google gave me) or he just may be not interested in digging in his own code. I've asked him if (assuming that 16byte limit may be optimisation choice of that time) he possibly have any "unlimited" version. All I can add now is that Lotus Notes/Domino crypto API is based on RSA's BSAFE library, while SECCalcMessageDigest is equivalent of RSA's proprietary message digest algorithm called simply and mysteriously: MD. Wow, that was a long story :) Thanks for reading (bashing through my English) and - in advance - for any help. Best regards to all, Michal Luczaj
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.