Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Fri, 3 Feb 2017 11:12:55 -0600
From: jfoug <jfoug@...nwall.net>
To: john-users@...ts.openwall.com
Subject: Re: Dynamic Hashes and SaltLen

On 2/3/2017 10:20 AM, David Tomaschik wrote:
> Using the latest bleeding-jumbo, if I define a dynamic format like this:
>
> [List.Generic:dynamic_1600]
> Expression=md5($p.$u)
> Flag=MGF_USERNAME
> Func=DynamicFunc__clean_input
> Func=DynamicFunc__append_keys
> Func=DynamicFunc__append_userid
> Func=DynamicFunc__crypt_md5
> Test=$dynamic_1600$7f409a7c046daea1c2c60502d7e2becc:pass:user
>
> I get an error:
>
> Error invalid format dynamic_1600
> It is required to add SaltLen= to the script, for this format
>
> This appears to be because MGF_USERNAME implies MGF_SALTED (undocumented
> unless you read the source) and the test here:
> https://github.com/magnumripper/JohnTheRipper/blob/bleeding-jumbo/src/dynamic_fmt.c#L7867
> .
>
> Since this format has no salt (as I understand the term salt, but it
> appears MGF_SALTED means "the hash depends on a per-hash input") what is
> the appropriate value for SaltLen?  -1?
>
> What practical impact does SaltLen have in this case?  The documentation
> seems to indicate it's used only to verify hashes when reading the input

All salted dyna formats require you to list the length of the salt. The 
'username' is simply a salt (but has ability to get that salt from field 
0 of the input file.  That is the only real difference between a salt 
and the user name in dyamic (along with you can use both of them if the 
format needed that).

This work fine (simply added SaltLen=-24).   This means the salt is a 
variable length, UP to 24 bytes. The reason the salt length is required, 
is to allow dynamic to properly set things like max password length, 
etc, which varies based upon whether we are running in non-SIMD (i.e. 
oSSL CTX mode), in 1 buffer SIMD, in flat 'multi buffer' SIMD, and what 
hash algorithm is being used.  The user must provide a certain minimal 
amount of information so the format does not corrupt itself by 
overwriting the SIMD data buffers.

[List.Generic:dynamic_1600]
Expression=md5($p.$u)
Flag=MGF_USERNAME
SaltLen=-24
Func=DynamicFunc__clean_input
Func=DynamicFunc__append_keys
Func=DynamicFunc__append_userid
Func=DynamicFunc__crypt_md5
Test=$dynamic_1600$7f409a7c046daea1c2c60502d7e2becc:pass:user

$ ../run/john -test -form=dynamic_1600
Benchmarking: dynamic_1600 [md5($p.$u) 128/128 AVX 4x3]... DONE
Many salts:     24618K c/s real, 24508K c/s virtual
Only one salt:  11151K c/s real, 11160K c/s virtual

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.