Message-ID: <BLU0-SMTP63F016A079D3EBA8E8F028FDE50@phx.gbl>
Date: Fri, 29 Jun 2012 23:32:43 +0200
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: For some dynamic formats on linux-x86-mmx build cracking depends on password candidate sequence

On 06/29/2012 01:33 PM, Frank Dittrich wrote:
> limiey (u48-dynamic_2)
> hhello__1 (u170-dynamic_2)
> summer__3 (u293-dynamic_2)
> �utle�t__1 (u407-dynamic_2)

$ grep -n "^limiey$" pw.dic pw.dic.orig
pw.dic:5761:limiey
pw.dic.orig:58:limiey
$ grep -n "^hhello__1$" pw.dic pw.dic.orig
pw.dic:5633:hhello__1
pw.dic.orig:186:hhello__1
$ grep -n "^summer__3$" pw.dic pw.dic.orig
pw.dic:5505:summer__3
pw.dic.orig:314:summer__3
$ LC_ALL=C grep -n "^.*utle.*t__1$" pw.dic pw.dic.orig |grep -v ":o"
pw.dic:5377:�utle�t__1
pw.dic.orig:442:�utle�t__1

This can't be just a coincidence.
These 4 (previously uncracked) passwords are located at these offsets in
the (reversed) pw.dic:

5761 = 45 * 128 + 1
5633 = 44 * 128 + 1
5505 = 43 * 128 + 1
5377 = 42 * 128 + 1

128 happens to be MAX_KEYS_PER_CRYPT for my linux-x86-mmx build.

If I append --mkpc=[1|2|...|126|127] to the command line, all 1500
passwords get cracked using (the reversed) pw.dic.

../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in --wordlist=pw.dic --mkpc=126

(I just tried those 4 values (1, 2, 126, 127), and every time I crack all
1500 passwords.)

With
../run/john -ses=./tst -nolog -pot=./tst.pot dynamic_2_tst.in --wordlist=pw.dic --mkpc=128
I crack 1496 again.

Maybe this is a clue where to look.

But: for my linux-x86-clang build (Algorithm name: 128/128 SSE2
intrinsics 8x4x4), max. keys per crypt is 128 as well, but here I got a
different number of passwords that were not cracked.

When I try the --mkpc=127 trick with clang, the remaining 18 passwords
get cracked as well.

Remaining 18 password hashes with no different salts
HookFish__10 (u905-dynamic_2)
�word�ish__3 (u779-dynamic_2)
Sword��sh__3 (u778-dynamic_2)
flasjkdfw__7 (u659-dynamic_2)
asdfasfga__7 (u658-dynamic_2)
good to KN0W__5 (u533-dynamic_2)
characters__5 (u532-dynamic_2)
�utle�t__1 (u407-dynamic_2)
PIII__4 (u406-dynamic_2)
pentium__4 (u405-dynamic_2)
summer__3 (u293-dynamic_2)
gobble__3 (u292-dynamic_2)
hhello__1 (u170-dynamic_2)
out�eft (u169-dynamic_2)
jus�m�size (u168-dynamic_2)
limiey (u48-dynamic_2)
swordfish (u47-dynamic_2)
let�ein (u46-dynamic_2)

Four of these passwords are the same as for -mmx.

A few others:

$ grep -n "^HookFish__10$" pw.dic
4865:HookFish__10
$ grep -n "^flasjkdfw__7$" pw.dic
5121:flasjkdfw__7
$ grep -n "^good to KN0W__5$" pw.dic
5249:good to KN0W__5

4865 = 38 * 128 + 1
5121 = 40 * 128 + 1
5249 = 41 * 128 + 1

But

$ grep -n "^swordfish$" pw.dic
5762:swordfish
$ grep -n "^asdfasfga__7$" pw.dic
5122:asdfasfga__7
$ grep -n "^characters__5$" pw.dic
5250:characters__5

5762 = 45 * 128 + 2
5122 = 40 * 128 + 2
5250 = 41 * 128 + 2

So, for the clang build not just the first candidate password of a new
128 passwords block is affected, but the first two passwords.

Frank
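
Added example (not part of the original message and not John the Ripper code): a Python sketch that automates the by-hand check above, mapping each missed password's wordlist line to its slot inside a batch of MAX_KEYS_PER_CRYPT candidates. It assumes one candidate per wordlist line in file order; the sample wordlist, including its Latin-1 entry, is constructed, and all function names are hypothetical.

```python
from collections import Counter

def line_numbers(wordlist: bytes, targets):
    """1-based line of the first byte-exact match per target (like LC_ALL=C grep -n)."""
    wanted, found = set(targets), {}
    for n, line in enumerate(wordlist.split(b"\n"), start=1):
        line = line.rstrip(b"\r")
        if line in wanted and line not in found:
            found[line] = n
    return found

def batch_slots(lines, mkpc):
    """Map each password to (batch index, 0-based slot) for batches of mkpc keys."""
    return {pw: divmod(n - 1, mkpc) for pw, n in lines.items()}

def slot_histogram(slots):
    """Count how many missed passwords fall on each slot within a batch."""
    return Counter(slot for _batch, slot in slots.values())

def build_sample():
    """Constructed wordlist: filler lines plus missed passwords at the reported lines."""
    words = [b"filler%05d" % i for i in range(1, 5801)]
    placed = {
        5761: b"limiey",
        5633: b"hhello__1",
        5505: b"summer__3",
        5377: b"caf\xe9__1",  # constructed non-UTF-8 stand-in, not the real entry
    }
    for n, pw in placed.items():
        words[n - 1] = pw
    return b"\n".join(words) + b"\n", list(placed.values())

if __name__ == "__main__":
    wordlist, missed = build_sample()
    lines = line_numbers(wordlist, missed)
    for mkpc in (128, 127):
        hist = slot_histogram(batch_slots(lines, mkpc))
        # A single dominant slot means the misses track the batch boundary.
        print(f"mkpc={mkpc}: slot -> count {dict(hist)}")
```

With a batch size of 128 every missed entry lands on slot 0; with 127 the same lines spread over different slots, which matches the observation that changing --mkpc moves the affected candidates.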