Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <85357583aa00fb757d1efbe51bcddf9d@smtp.hushmail.com>
Date: Wed, 30 Sep 2015 22:39:12 +0200
From: magnum <john.magnum@...hmail.com>
To: john-dev@...ts.openwall.com
Subject: Re: Kerberoast for John

On 30/09/15 09:25, Michael Kramer wrote:
>
> Am Montag, 28. September 2015 22:59 CEST, magnum <john.magnum@...hmail.com> schrieb:
>
>>> I've included the fmt_plug file for John, a testfile with 3
>>> testhashes the module is able to crack, and also part of the python
>>> script from Tim Medin to parse kirbi files into the format my John
>
>>> module uses.
>>
>> You should include all three as test vectors. After doing so, you'll
>> find that the format fails self-tests as written. It may crack that test
>> file but it's flawed and will not always work.
>
> I've encluded three test vectors now. It seems to work this time.
>
>>
>>> But I've encountered a strange bug and thought maybe one of you could
>>> help me.
>>
>> There are many bugs ;-) I think you need to do the following, for a starter:
>>
>> 1. Change BINARY_SIZE to 0 and replace binary with fmt_default_binary.
>> Have a look at some other format with a binary size of 0.
>
> Done that.
>
>> 2. Change salt to a struct holding both the salt and what you are now
>> putting in the binary (so this becomes a "salt-only" format, or a
>> non-hash as we use to call them). Then of course change SALT_SIZE to
>> sizeof that struct.
>
> Done that as well.
>
>> 3. Adjust everything accordingly. Drop the binary_hash/get_hash
>
>> functions (use fmt_default_* in the format struct).
>
> Done that as well :)
>
>> 4. Replace <openssl/rc4.h> with "rc4.h" (a local file in the tree)
>
> If I replace this I get a segmentationfault. With the openssl/rc4.h it works. Any idea why that occurs?
>
>> Also, you should rename src/kirbi_export.py to run/kirbi2john.py per our
>> conventions.
>
> I've renamed and edited the license for the python script as well.
>
> Attached you'll find the salt-only module and the renamed Python script.
>
> But the bug I encountered before is still there. After 17 hours I get 500p/s...

Thanks! I committed your patch as-is and then made significant changes 
and enhancements in a separate commit:
https://github.com/magnumripper/JohnTheRipper/commit/05e5146
https://github.com/magnumripper/JohnTheRipper/commit/00bd1bb

On a core i5 laptop, speed went from 80K to 116K single-thread, and to 
368K "many-salts" speed running 4 threads (HT).

You were using OpenSSL EVP, which is slow and not thread-safe. I bet 
that bug was because of that, so it was probably squashed in the process.

To get a snapshot of bleeding-jumbo with this format, use:
https://github.com/magnumripper/JohnTheRipper/archive/bleeding-jumbo.tar.gz

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.