Date: Sun, 30 Sep 2012 10:11:54 -0400 (EDT)
From: jfoug@....net
To: john users <john-users@...ts.openwall.com>
Subject: Re: WebEdition CMS

Works code worked for me. Likely you missed the extra flag value. That 
value is VERY important.  What that flag does is when the file is being 
loaded, it takes the salt, performs an MD5 on it, then takes that base-16 
result, and uses THAT value as the salt.  In other words, it 
precomputes the md5($s) one time, and then you simply append that value 
where you need it from that point on, thus cutting down the number of 
MD5 crypt calls in your inner loop.

This is one KEY line, you may not have copied into your format:

Flag=MGF_SALT_AS_HEX


Here are some quick/dirty timings for this format (note 1012 on my test 
was my 1 MD5 script)

Original
$ ./john -test=5 -form=dynamic_1011
Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE
Many salts:     5702K c/s real, 5719K c/s virtual
Only one salt:  4827K c/s real, 4827K c/s virtual


Using MGF_SALT_AS_HEX
$ ./john -test=5 -form=dynamic_1011
Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE
Many salts:     9256K c/s real, 9256K c/s virtual
Only one salt:  6678K c/s real, 6789K c/s virtual


Notice how the 'many salts' speed gets quite a bit bigger performance 
boost with this model. This is due to the salt itself now being pretty 
long (32 bytes).  In the 'Many salts' test, there is less memory copying 
happening with the salt.

But you can see precomputing the salt makes a pretty large boost to 
speed.

Jim.


On Sun, Sep 30, 2012 at 8:31 AM, Dhiru Kholia wrote:

> On Sun, Sep 30, 2012 at 5:07 PM,  <jfoug@....net> wrote:
>> Simply looking at that format script, I believe it would work fine. There
>> are also ways a username can be used directly within dynamic instead.
>> However, since anyone using this would be fabricating the JtR input file,
>> putting the username into a salt field would be just as easy as putting
>> into the username field when building the file.
>
>> Also, if a salt is used vs the username within dynamic, then there is a
>> nice optimization that can be used to double the speed of the format. If
>> you notice the base-16 MD5 of the salt (user name), is a static string.
>> This can be pre-computed at load time, and done only once. This reduces
>> the MD5 calls from 2 to 1 per password/salt trial.
>
> Jim,
>
> I have tried to implement what you said,
>
> MySQL [webedition]> select username,md5(username),passwd,UseSalt from
> tblUser where username="openwall";
> 
> +----------+----------------------------------+----------------------------------+---------+
> | username | md5(username)                    | passwd                           | UseSalt |
> +----------+----------------------------------+----------------------------------+---------+
> | openwall | f2df0ddd3129c68b1ae7be05779ebeb3 | 14f8b3781f19a3b7ea520311482ce207 |       1 |
> +----------+----------------------------------+----------------------------------+---------+
>
> ####################################################################
> # DYNAMIC type for WebEdition CMS md5($p.PMD5(username))
> # > select md5(username),passwd,UseSalt from tblUser
> # PMD5(username), pre-computed md5 of username is salt
> ####################################################################
> [List.Generic:dynamic_1012]
> Expression=md5($p.PMD5(username)) (WebEdition CMS)
> Flag=MGF_SALTED
> Flag=MGF_SALT_AS_HEX
> Func=DynamicFunc__clean_input
> Func=DynamicFunc__append_keys
> Func=DynamicFunc__append_salt
> Func=DynamicFunc__crypt_md5
> 
> Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall
>
> However it fails self-test,
>
> Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS)
> [128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0)
>
> Any tips to get it working?
>
> -- 
> Cheers,
> Dhiru
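
The load-time precomputation described in the message above, as an added Python example (not code from this thread or from John the Ripper): it counts MD5 calls for md5($p.md5($s)) when the salt is hashed on every trial versus once per account. The accounts, passwords, wordlist and function names are constructed for illustration.

```python
import hashlib

md5_calls = 0  # counts every MD5 invocation so the two strategies can be compared

def md5_hex(data: bytes) -> bytes:
    """Lower-case base-16 MD5 digest as bytes, like md5() in PHP or MySQL."""
    global md5_calls
    md5_calls += 1
    return hashlib.md5(data).hexdigest().encode("ascii")

def audit_naive(targets, candidates):
    """md5($p.md5($s)) computed in full for every password/salt trial."""
    found = {}
    for salt, want in targets:
        for pw in candidates:
            if md5_hex(pw + md5_hex(salt)) == want:   # 2 MD5 calls per trial
                found[salt] = pw
    return found

def audit_precomputed(targets, candidates):
    """Same check, but md5($s) is computed once per salt when the hashes are
    loaded, which is the effect the message attributes to MGF_SALT_AS_HEX."""
    loaded = [(salt, md5_hex(salt), want) for salt, want in targets]
    found = {}
    for salt, hex_salt, want in loaded:
        for pw in candidates:
            if md5_hex(pw + hex_salt) == want:        # 1 MD5 call per trial
                found[salt] = pw
    return found

def compare(targets, candidates):
    """Run both strategies; return their results and MD5 call counts."""
    global md5_calls
    md5_calls = 0
    naive = audit_naive(targets, candidates)
    naive_calls = md5_calls
    md5_calls = 0
    pre = audit_precomputed(targets, candidates)
    return naive, pre, naive_calls, md5_calls

def make_target(user: bytes, pw: bytes):
    """Build a (salt, hash) pair the way the scheme stores it (constructed data)."""
    inner = hashlib.md5(user).hexdigest().encode("ascii")
    return user, hashlib.md5(pw + inner).hexdigest().encode("ascii")

# Constructed sample accounts and wordlist, not taken from the thread.
TARGETS = [make_target(b"alice", b"letmein"), make_target(b"bob", b"hunter2")]
CANDIDATES = [b"123456", b"password", b"letmein", b"qwerty", b"hunter2"]

if __name__ == "__main__":
    print(compare(TARGETS, CANDIDATES))
```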
