Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4DF919BF.4080001@bredband.net>
Date: Wed, 15 Jun 2011 22:44:47 +0200
From: magnum <rawsmooth@...dband.net>
To: john-dev@...ts.openwall.com
Subject: Even more mscash & mscash2 fixes

Just posted john-1.7.7-jumbo-6-more-mscash-fixes.diff.gz to the wiki, 
with the following for mscash & mscash2:

* 8-bit self-tests for normal mode as well as --utf8, also including 
nullstring and max length of salt [see below]
* Lowercasing of salts
* Unicode length check of salt and reject in valid() if too long
* (mscash2 only) Replaced a binary salt_len check in set_salt() that 
lacked error handling and caused crashes (apart from being redundant)

Still, there is a major problem in mscash2: As far as I can tell, the 
maximum supported salt length is supposed to be 19 characters. Unless my 
generator script is to blame, John fails to crack any hash with a salt 
longer than 8 characters. The self-test I included with saltlen 19 is 
currently commented out. Unless this is fixed, the max length check in 
valid() should be really be decreased from 19 to 8.

Is the original author, S3nf, a subscriber here? From what I can tell, 
the problem is in the PBKDF2 - the other stuff exists in mscash and 
works fine with up to 19 characters.


BTW here is how I create test hashes:

use Encode;
use Digest::MD4 qw(md4 md4_hex);
use Crypt::PBKDF2;
...
sub mscash2 {
        # max username (salt) length is supposed to be 19 characters (in 
John)
        # max password length is 27 characters (in John)
        # the algorithm lowercases the salt
        my $user = randusername(5);
        $salt = encode("UTF-16LE", lc($user));
        my $pbkdf2 = Crypt::PBKDF2->new(
                hash_class => 'HMACSHA1',
                iterations => 10240,
                output_len => 16,
                salt_len => length($salt),
                );
        # Crypt::PBKDF2 hex output is buggy, we do it ourselves!
        print "$user:", unpack("H*", 
$pbkdf2->PBKDF2($salt,md4(md4(encode("UTF-16LE",$_[0])).$salt))),
        ":$u:0:$_[0]:mscash2 (user name required for salt in john's 
format):\n";
  }


I am NOT 100% sure this salt length problem is not actually a problem 
with Crypt::PBKDF2. Other stupid bugs exist in it. But I have failed to 
g00gle test hashes and I have no Vista/2008/Win7 gear to make real test 
hashes. If anyone can confirm this hash:

Administrator:4c253e4b65c007a8cd683ea57bc43c76

is a valid DCC2 hash for password "password" and 10240 iterations, it 
would confirm my test script is OK.

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.