Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <20120624012431.GA2623@openwall.com>
Date: Sun, 24 Jun 2012 05:24:31 +0400
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Oracle Bitslice conversion completed

Hi Piyush,

On Sat, Jun 23, 2012 at 06:47:57AM +0530, Piyush Mittal wrote:
> I have completed Oracle Bit Slice conversion. It's running  correctly using
> linux-x86-64avx mode on my machine.

"Passing self-test" and "running correctly" are distinct things.
Self-test is primarily meant to catch miscompiles and such.  It might
not catch major design errors, and it sometimes misses implementation
bugs as well.  For example, it is possible to have a format that will be
comparing 0's against 0's regardless of its test vectors, and it might
pass self-test.

Right now, your code merely passes self-test.  Congratulations!
Seriously, this is a fine milestone to be at, but it's far from having
the "conversion completed".

Your code does not yet run correctly.  If you put those same test
vectors in files:

$ cat pw
O$SIMON#4F8BC1809CB2AF77
O$SIMON#C4EB3152E17F24A4
O$SYS#C648972D2BE43FA4
O$BOB#b02c8e79ed2e7f46
$ cat w
A
TST
H4X0R
LAPIN

and run John with your patch on them:

$ ./john -w=w pw
Loaded 4 password hashes with 3 different salts (Oracle BS [oracle])
guesses: 0  time: 0:00:00:00 DONE (Sun Jun 24 05:07:27 2012)  c/s: 228 trying: A - LAPIN

the passwords don't get cracked.  Why not?  Or rather, why does the
self-test pass?  In fact, the latter is the question I asked myself as
soon as I saw your code - "this can't possibly work, why does it pass
self-test?"

Actually, let's take this a step back.  Why can't it possibly work?
Simple: you're only using one bit layer.  So it may work for one in 128
passwords (in an -x86-64-avx build, as you say), but not for the rest.
Well, except when only one bit layer actually matters.  This is in fact
the case for self-test: it tests one key index at a time, not all at
once.  However, why doesn't the self-test fail for indices other than 0?
That's because you spread the one bit layer to all of them inside
DES_bs_crypt_Oracle() with vst(..., z) and vst(..., o).  Mystery solved.

> Some documentation and final touch to code is left that I will send
> tomorrow.

You're still quite far from that final touch - and even if the code
worked, it'd need a lot more of a cleanup than a mere final touch - but
I am impressed nevertheless.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.