Date: Fri, 8 Feb 2013 17:09:10 -0600 From: "jfoug" <jfoug@....net> To: <john-users@...ts.openwall.com> Subject: RE: Cracking SHA1 with some knowledge of password There are going to be limitations within JtR. I did look at code, and it appears that the x86 (i.e. non SSE) has internal buffer lengths in dynamic that are PLAINTEXT_LENGTH_X86+96 PLAINTEXT_LENGTH_X86 is set to 124 bytes, and 1 byte needed for NULL. So, in theory, you could encrypt strings (internally within dynamic) up to 219 bytes, without crashing JtR. I just tested with a format that had 80 characters appended, and 110 character prepended. The length being encrypted for the password openwall, is 198 bytes, well within this apparent 219 bytes max length in dynamic, but also well past JtR's 125 byte password length. Now, the password was really only 8 bytes long (openwall). The constants took up the other 190 bytes. With this 190 byte 'const', dynamic can only handle passwords up to 29 bytes. Here is this format. It also shows how to force dynamic to fall back to OpenSSL, and NOT use SSE. [List.Generic:dynamic_1051] Expression=xxxSHA1($p)yyy Flag=MGF_SHA1_40_BYTE_FINISH Flag=MGF_NOTSSE2Safe MaxInputLen=29 Func=DynamicFunc__clean_input Func=DynamicFunc__append_input1_from_CONST1 Func=DynamicFunc__append_keys Func=DynamicFunc__append_input1_from_CONST2 Func=DynamicFunc__SHA1_crypt_input1_to_output1_FINAL Const1=012345678901234567890123456789012345678901234567890123456789012345678 90123456789 Const2=012345678901234567890123456789012345678901234567890123456789012345678 90123456789012345678901234567890123456789 Test=$dynamic_1051$546de0d2e256cb51f96a06ff54a08994f95da5d9:openwall And here shows building this test hash, and test runs of the 1050, and 1051 types (to see the difference in speed). $ echo -n "012345678901234567890123456789012345678901234567890123456789012345678901234 56789openwall012345678901234567890123456789012345678901234567890123456789012 34567890123456789012345678901234567890123456789" | sha1sum 546de0d2e256cb51f96a06ff54a08994f95da5d9 *- $ ./john -test=5 -form=dynamic_1051 Benchmarking: dynamic_1051 xxxSHA1($p)yyy [32/32 128x1]... DONE Raw: 1701K c/s real, 1701K c/s virtual $ ./john -test=5 -form=dynamic_1050 Benchmarking: dynamic_1050 xxxSHA1($p)yyy [128/128 SSE2 10x4]... DONE Raw: 5602K c/s real, 5601K c/s virtual From: Lex Par [mailto:ziptied@...il.com] > >Theoretically, if I were to create a function the pads an input (ie >password) with 120 bytes, then hashes the 120+password input to produce the hash, this would not be crackable via the 128 byte limit (since our hard limit not using the optimizations is somewhere in the 90~)?
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.