Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 16 Aug 2012 11:06:48 -0400
From: Matt Weir <cweir@...edu>
To: john-users@...ts.openwall.com
Subject: Cracking Gauss using dynamic

Hey all,
     A new piece of malware called Gauss is floating around that has
an encrypted payload. A description of it, along with a request to
help crack it, can be found at the following link:

https://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload

Considering this is such a high profile instance, I figured it would
be cool if JtR had the ability to perform cracking attacks against it.
A brief overview of the hashing algorithm is:

10k_md5(md5(path.file.salt))

I figure the path + file combinations would probably best to be
generated via rules or an external script and piped into JtR using
-stdin.

Now this would be fairly easy to do with the dynamic format, except
for the fact that it requires 10 thousand rounds of md5. Is there an
easy way to do large numbers of iterations using dynamic that I'm just
not seeing in the documentation? I figure worth comes to worse I can
just create a script that will build a dynamic format with 10k rounds
in it but I was wondering if there was a cleaner way?

Thanks!
Matt

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.