Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <CANO7a6wKr0WPGCd5YyUNdLrp7uRU39x6YQNxGjAUX27kmhUbmQ@mail.gmail.com>
Date: Sun, 29 Jul 2012 21:38:18 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: help needed debugging Blowfish decryption

On Sun, Jul 29, 2012 at 7:26 PM, Dhiru Kholia <dhiru.kholia@...il.com> wrote:
> I am trying to make a KDE KWallet cracker patch for JtR. However, I
> have run into a problem regarding Blowfish decryption. If I use
> OpenSSL or Python version of Blowfish, the results vary from the
> KWallet's Blowfish implementation.
>
> Debugging: Get source from http://dl.dropbox.com/u/1522424/kwallet-v0.tar
>
> $ cd kwallet; make
>
> $ ./1 openwall.kwl  # this uses OpenSSL
> 663cffa17127acd82e7cf947f4
>
> $ ./2 openwall.kwl # this uses KWallet's implementation
> cc7de3d66940abeb00000048 # this is the correct output!
>
> $ python2 bfd.py
> 663cffa17127acd82e7cf947 # wrong result, same as OpenSSL version
>
> Questions:
>
> Can anyone spot the difference between KWallet's implementation and
> OpenSSL's version. Is KWallet's implementation valid?

KWallet's Blowfish implementation contains the following code which is
activated when <QtCore/QBool> in included.

>From blowfish.cc ==>

#if Q_BYTE_ORDER == Q_BIG_ENDIAN
                shuffle(*d);
                shuffle(*(d + 1));
#endif

If I remove <QtCore/QBool> include then KWallet generates same values
as OpenSSL! Is KWallet's implementation of Blowfish broken?

For now, KWallet cracker will be a separate project due to this problem.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.