Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Mon, 16 Feb 2009 18:11:08 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: 2 known letters + wordlist word --> is new format definition best way?

On Mon, Feb 16, 2009 at 11:08:08AM +0000, P PO1434 wrote:
> OK - I've made some headway in a format module that does an MD5 of two known chars, followed by plaintext. It's messy due to my naivety, but it's almost there (I think ;)

Thank you for giving this a try.

Unfortunately, the code looks wrong to me at first glance.  Why are you
not making use of JtR's support for salts?  I think you should be.  And
you don't need split().

> The tricky part writing this format was knowing when to save the known characters, and when to add them back on in the different format functions.

You should extract them in salt(), put them into a global variable in
set_salt(), and use them in crypt_all().  In this description, I am
using function names as seen in the definition of struct fmt_methods in
formats.h - that's where you should look for some comments on what these
functions are supposed to do.  salt_size, as specified in struct
fmt_params, should be 2.

> The code works for the test conditions provided in the format (inline). It doesn't work for the file input.

I'd be surprised if it would work correctly with more than one hash
loaded for cracking at once, with different "known characters" (as you
call them) or salts (which they are).

> static char* oscmd5_split(char *ciphertext,int index) {
> // Get the salt out
> // Move on 8 characters to pick out just the ciphertext eg. 05aa..etc
>     strncpy(OSCSalt,ciphertext+5,2);
>     printf("%s %s %s","OSCSalt is ",OSCSalt,"\n");
>     OSCSalt[2]=0;
>     ciphertext+=8;
>     printf("%s %s %s","Split ciphertext in oscmd5 is",ciphertext,"\n");
>     return ciphertext;
> }

All of this is wrong.  split() is only called when the file is being
loaded, yet you only have one OSCSalt variable.  This means that JtR
will only store one instance of the "known characters" (salt).

Instead of using split(), you need working salt() and set_salt().
Keeping just one OSCSalt variable is OK - JtR itself will take care of
memorizing different salts, as long as you define the salt size and
the functions correctly.

> static void oscmd5_set_salt(void *ciphertext) {
> // Nothing in here - our 'salt' is not really a salt - just 2 known characters
> }

This is a misconception.  We treated those salts as "known characters"
as a workaround for lack of support for salted raw MD5.  They are salts.

>         oscmd5_set_salt,
>         {
>             oscmd5_binary_hash_0,
>             oscmd5_binary_hash_1,
>             oscmd5_binary_hash_2
>                 },
>         fmt_default_salt_hash,
>         oscmd5_set_salt,

It is wrong to use oscmd5_set_salt() twice in the definition above - one
of these should be a salt() and the other a set_salt() function.

Also, you'll need to define a proper salt_hash() function (to replace
the dummy fmt_default_salt_hash) for decent performance of the loader
when the number of password file entries is large - but you can get to
this later, after you have things working.

Finally, please avoid over-quoting when you post to the list.  This
time, your message contained quoted headers of two other messages (one
would be more than enough) and two advertising links from
livelife.ninemsn.com.au (your e-mail provider?) - one quoted, the other
newly added.  You should not have quoted the old one.

Thanks again,

Alexander

-- 
To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply
to the automated confirmation request that will be sent to you.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.