Message-ID: <4DD9A4D5.10409@bredband.net>
Date: Mon, 23 May 2011 02:05:41 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Re: "excessive partial hash collisions detected" for mskrb5

On 2011-05-23 01:27, Solar Designer wrote:
> On Sun, May 22, 2011 at 11:47:21PM +0200, magnum wrote:
>> True, I have no binary_hash() or get_hash() functions. As far as I can
>> tell, there's just no way to implement them for this format. I think you
>...
> This sounds right.
>
>> If not, maybe there should be a way to tell john that it should not emit
>> that warning for this format (and possibly some others)? Maybe just the
>> fact that I'm also using fmt_default_binary()?
>
> I think we can add a check for zero binary_size to loader.c - and not
> print the warning if so.

Yes, that sounds like a better idea.

> You could move from decryption (resulting in known plaintext) to
> encryption (of the known plaintext), then you could compare
> partial ciphertexts and compute hashes of those. Moreover, you'd get
> rid of salts, for a huge speedup (when there's more than one of these
> non-hashes to crack). But this might not be possible in your specific
> case (I haven't checked whether it is). I think it depends on things
> such as block cipher mode used (should be possible for ECB, but not for
> chaining modes if plaintext for the preceding blocks is not known).

This may be possible. It's RC4. I will give this some more thought.

thanks!
magnum