Date: Tue, 7 Feb 2012 19:59:13 +0400 From: Solar Designer <solar@...nwall.com> To: john-users@...ts.openwall.com Subject: Re: DES - not "traditional DES-based" - (VNC hash) with JtR On Sun, Feb 05, 2012 at 01:08:34PM +0100, A BC wrote: > I'm a new user of this mailing list, because I have a question I don't find > an answer to : is there a way to use JtR against DES 'hashes', where : > - you know the data to encrypt (challenge) > - you know the data when encrypted (challenge response, server side) > - you search the DES-password that was used to encrypt the data. > > It is a way to authenticate with VNC ( > http://www.realvnc.com/docs/rfbproto.pdf page 14), which is reputed weak. We have support for a few things like this in -jumbo, but not for VNC's specifically. We'll need to implement that. If you want to try yourself, you may want to look at these source files as samples for challenge/response cracking: NETLM_fmt_plug.c NETSPLITLM_fmt_plug.c NETNTLM_fmt_plug.c MSCHAPv2_fmt_plug.c > So I search how easily it can be efficiently broken, According to the PDF you referenced, easier than a Unix crypt(3) password. > So, I wish to use JtR for its mangling rules, wordlists capabilities, (and > maybe for its efficiency) but I can't find a way to make it do what I want. > I have searched in the community resources (http://openwall.info/wiki/john), > in the most useful mailing lists posts ( > http://openwall.info/wiki/john/mailing-list-excerpts), I have searched in > the direction of "How to use the 'dynamic' format within john" > (jtr179j5/doc/DYNAMIC.txt) but I did not found what I want "DES($s,$p)", I > searched in tutorials (http://openwall.info/wiki/john/tutorials), and I > tried to look at patches (http://openwall.info/wiki/john/custom-builds), > but no keywords matched, nor with our best friend ggl... We really have no support for VNC's challenge/responses now, and the "dynamic" feature is currently for MD5 and SHA-1 only. > I am thinking about how JtR implements its algorithms, but it seems very > complicated. It is not - it's just that existing implementations quickly become complicated when they gain some optimizations. Besides the files I referenced above (which already got some "unnecessary" complexity), you may look at e.g. dummy.c, rawSHA_fmt_plug.c, rawSHA256_fmt.c, and XSHA_fmt_plug.c for simpler samples. The last one of these is for a salted hash type - similar to what you'll need in that aspect (you may treat the challenge as a salt). Then proceed with the more relevant samples referenced above. Also, read the comments in formats.h. If you have specific questions on these, please bring them up on the john-dev list. > Otherwise, I am think about using JtR to generate the pwd to stdout, which > I would pipe into a Python soft using PyCrypto, but I don't know if the > pipes will react well to millions of pwds (will they stack ? will JtR wait > for the stdout be emptied by the Python script ?). This is more of an OS (non-)issue than JtR, but in short things will just work. The biggest drawbacks of this approach are worse performance and difficulty of interrupting/restoring sessions from just the right place (some buffered candidate passwords may be skipped). > Is there something I missed ? Is there a solution better than another ? I > can code in C under Win/Linux, Python, ... You may join us on john-dev and proceed to implement this. Oh, and please post a test vector or several (sniffed challenge/response pairs and their corresponding known passwords). The thing sounds so simple that I might just implement this when I feel like it - or anyone else can. ;-) Thanks, Alexander
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.