Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <2794085f00ef59ef86d31f6175c0aa18@smtp.hushmail.com>
Date: Thu, 12 Apr 2012 21:55:26 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: MSCash2 formats reliability & usability

Great, committed now.  Sayantan (and Lukas), you probably want to
incorporate the same code in your GPU formats too.

magnum


On 04/12/2012 09:40 PM, jfoug wrote:
>> From: Solar Designer [mailto:solar@...nwall.com]
>>
>> Jim, magnum, Lukas, Sayantan -
>>
>> We have three JtR formats for MSCash2: CPU, CUDA, OpenCL.
>>
>> The CPU one supports many different representations of MSCash2 hashes
>> and has many test vectors of different form ($DCC2$ prefix present vs.
>> not, iteration count included vs. not, username included vs. separate).
>> This is great, although the format's support for variable iteration
>> counts is probably unneeded (there are no non-10240 MSCash2 hashes in
>> the wild, as far as I'm aware).  However, I think with all this
>> complexity the format is also more prone to bugs than it has to be.
>> For example, with this combination of hashes in the input file:
>>
>> $DCC2$Joe#e09b38f84ab0be586b730baf61781e30
>> $DCC2$test#a86012faf7d88d1fc037a69764a92cac
>> $DCC2$administrator#a150f71752b5d605ef0b2a1e98945611
>> $DCC2$administrator#c14eb8279e4233ec14e9d393637b65e2
>> $DCC2$administrator#8ce9c0279b4e6f226f52d559f9c2c5f3
>> $DCC2$administrator#2fc788d09fad7e26a92d12356fa44bdf
>> $DCC2$administrator#6aa19842ffea11f0f0c89f8ca8d245bd
>>
>> John does not recognize the different salts (should be 3 different):
> 
> I have tightened up prepare in mscash1 and mscash2.
> 
>> user@...l:~/john/magnum-jumbo/run$ ./john pw-bug -fo=mscash2 Loaded 7
>> password hashes with no different salts (M$ Cache Hash 2 (DCC2) [SSE2i
>> 8x])
> 
> They were being loaded totally wrong.  The string being loaded for the
> first one, was:
> 
> $DCC2$10240#?#$dcc2$joe#e09b38f84ab0be586b730baf61781e30
> 
> Thus, in that form, ALL were getting the salt of ? as the salt.
> 
>> I guess there's a bug in prepare(), get_salt() or/and SALT_SIZE.  By the
>> way, it is weird how SALT_SIZE is defined as 11*4, but is actually put
>> into the struct as SALT_SIZE+4.  
> 
> Because I 'stole' the first 4 bytes (array of 2 2 byte values), to store the
> 
> iteration count, and the salt len, so they would be 'ready' to be used and 
> not have to be computed over and over again.  I simply left the salt 'junk' 
> alone, and bumped up the size in bytes of the salt in the format structure
> by 4.
> Looking at it now, the SALT_LEN #define is only used within setting the
> format
> struct, so I have simply modified the #define.
> 
>> Assuming that this is the correct value
>> to use, we should specify SALT_SIZE as (11*4+4) right away.
>>
>> Another issue is that strings of the above form are somehow also
>> recognized as "mscash".  I guess this has to do with
>> mscash1_fmt_plug.c's prepare() being too willing to turn anything into
>> what its valid() would recognize.  It should probably perform some
>> validation first.
> 
> Fixed in patch.  It 'only' appends the M$ (or $DCC2$1024# for cash2),
> IF the field 1 is 32 byte hex number (i.e. raw).  So yes, it did get
> some added validation.
> 
> 

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.