Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 17 Aug 2012 09:40:21 +0400
From: Solar Designer <>
Subject: Re: Cracking Gauss using dynamic

On Thu, Aug 16, 2012 at 11:06:48AM -0400, Matt Weir wrote:
> Considering this is such a high profile instance, I figured it would
> be cool if JtR had the ability to perform cracking attacks against it.
> A brief overview of the hashing algorithm is:
> 10k_md5(md5(path.file.salt))
> I figure the path + file combinations would probably best to be
> generated via rules or an external script and piped into JtR using
> -stdin.

This would be cool as a test of JtR's capabilities or an opportunity to
enhance them, but on the other hand it would not benefit from JtR's
ability to generate candidate passwords much.  So it's mostly a task for
specialized programs.

> Now this would be fairly easy to do with the dynamic format, except
> for the fact that it requires 10 thousand rounds of md5. Is there an
> easy way to do large numbers of iterations using dynamic that I'm just
> not seeing in the documentation? I figure worth comes to worse I can
> just create a script that will build a dynamic format with 10k rounds
> in it but I was wondering if there was a cleaner way?

I thought that maybe the implementation of phpass in the dynamic
format was generic enough - but it is not.  Its loop is hardcoded in
DynamicFunc__PHPassCrypt().  So it seems like the current dynamic format
is incapable of arbitrary loops.  This may be something for JimF to
enhance - not for this specific target, but in general.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.