Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20160513120157.GA10626@openwall.com>
Date: Fri, 13 May 2016 15:01:57 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: WinZip PBKDF2 use optimization

Jim, magnum -

atom just posted this:

Behind the WinZip KDF optimization
https://hashcat.net/forum/thread-5451.html

It's about only needing to compute some of the PBKDF2 output blocks for
AES key sizes larger than 128 bits.

I vaguely recalled that we already had it, and I went to check - to my
surprise, it looks like the code currently in jumbo is fully prepared
for this optimization, but does not actually include it for WinZip.
Specifically, pbkdf2_hmac_sha1.h says:

 * simpler, AND contains an option to skip bytes, and only call the hashing
 * function where needed (significant speedup for zip format).

Indeed, it accepts a parameter skip_bytes, but somehow zip_fmt_plug.c
passes 0 for that parameter all the time.  Looking through commits
history for zip_fmt_plug.c, I found that the optimization was lost with:

commit 528e6bcfb1a59f068b70c63b3c0d7ffc62c32ce4
Author: JimF <jfoug@....net>
Date:   Sun Jul 6 22:03:13 2014 -0500

    zip2 format. #434 #691  Removed FMT_NOT_EXACT. Now fully detects passwords.

Can the two of you look into this, please, and likely reintroduce the
optimization?  Also check the OpenCL format for the same.

Thanks,

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.