Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 4 Dec 2012 17:54:04 +0100
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Cracking a GPG keyring

On 4 Dec, 2012, at 12:42 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> On Tue, Dec 4, 2012 at 5:07 PM, magnum <john.magnum@...hmail.com> wrote:
>> On 4 Dec, 2012, at 12:29 , Dhiru Kholia <dhiru.kholia@...il.com> wrote:
>>> Ensure that your key uses SHA1 based s2k function before using the
>>> OpenCL gpg format.
>> 
>> Will gpg2john and/or the format's valid() reject it if unsupported? Or will it happily try to attack it without a chance?
> 
> This rejection should be done in format's valid method. However, I
> have been lazy in doing it so far :(

In cases like this it's *really* important that it gets rejected somewhere in the chain (could be in gpg2john as well, or even as an assertion in in get_salt() but that is a crude solution for no reason) and IMHO you should place it in, well, the top line of your to-do list. Imagine someone spending literally months with 96 CPU cores just to find out your format gladly and silently accepted input that it simply can not crack.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.