|
Message-ID: <101aac0.1824.13a1784dc5a.Webtop.0@cox.net> Date: Sun, 30 Sep 2012 10:11:54 -0400 (EDT) From: jfoug@....net To: john users <john-users@...ts.openwall.com> Subject: Re: WebEdition CMS Works code worked for me. Likely you missed the extra flag value. That value is VERY important. What that flag does is when the file is being loaded, it takes the salt, performs a MD5 on it, then takes that base-16 results, and uses THAT value as the salt. In other words, it precomputes the md5($s) one time, and then you simply append that value where you need it from that point on, thus cutting down the number of MD5 crypt calls in your inner loop. This is one KEY line, you may have not copied into your format: Flag=MGF_SALT_AS_HEX Here are some quick/dirty timings for this format (note 1012 on my test was my 1 MD5 script) Original $ ./john -test=5 -form=dynamic_1011 Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE Many salts: 5702K c/s real, 5719K c/s virtual Only one salt: 4827K c/s real, 4827K c/s virtual Using MGF_SALT_AS_HEX $ ./john -test=5 -form=dynamic_1011 Benchmarking: dynamic_1011 md5($p.md5($s)) (WebEdition CMS) [128/128 SSE2 intrinsics 10x4x3]... DONE Many salts: 9256K c/s real, 9256K c/s virtual Only one salt: 6678K c/s real, 6789K c/s virtual Hotice how the 'many salts' speed gets quite a bit bigger performance boost with this model. This is due to the salt itself now being pretty long (32 bytes). In the 'Many salts' test, there is less memory copying happening with the salt. But you can see precomputing the salt make a pretty large boost to speed. Jim. On Sun, Sep 30, 2012 at 8:31 AM, Dhiru Kholia wrote: > On Sun, Sep 30, 2012 at 5:07 PM, <jfoug@....net> wrote: >> Simply looking at that format script, I believe it would work fine. >> There is >> also ways a username can be used directly within dynamic instead. >> However, >> since anyone using this would be fabricating the JtR input file, >> putting the >> username into a salt field would be just as easy as putting into the >> username field when building the file. > >> Also, if a salt is used vs the username within dynamic, then there is >> a nice >> optimization that can be used to double the speed of the format. If >> you >> notice the base-16 MD5 of the salt (user name), is a static string. >> This can >> be pre-computed at load time, and done only once. This reduces the >> MD5 calls >> from 2 to 1 per password/salt trial. > > Jim, > > I have tried to implement what you said, > > MySQL [webedition]> select username,md5(username),passwd,UseSalt from > tblUser where username="openwall"; > > +----------+----------------------------------+----------------------------------+---------+ > | username | md5(username) | passwd > | UseSalt | > > +----------+----------------------------------+----------------------------------+---------+ > | openwall | f2df0ddd3129c68b1ae7be05779ebeb3 | > 14f8b3781f19a3b7ea520311482ce207 | 1 | > > +----------+----------------------------------+----------------------------------+---------+ > > #################################################################### > # DYNAMIC type for WebEdition CMS md5($p.PMD5(username)) > # > select md5(username),passwd,UseSalt from tblUser > # PMD5(username), pre-computed md5 of username is salt > #################################################################### > [List.Generic:dynamic_1012] > Expression=md5($p.PMD5(username)) (WebEdition CMS) > Flag=MGF_SALTED > Flag=MGF_SALT_AS_HEX > Func=DynamicFunc__clean_input > Func=DynamicFunc__append_keys > Func=DynamicFunc__append_salt > Func=DynamicFunc__crypt_md5 > > Test=$dynamic_1012$14f8b3781f19a3b7ea520311482ce207$HEX$f2df0ddd3129c68b1ae7be05779ebeb3:openwall > > However it fails self-test, > > Benchmarking: dynamic_1012 md5($p.PMD5(username)) (WebEdition CMS) > [128/128 SSE2 intrinsics 10x4x3]... FAILED (get_hash[0](0) > > Any tips to get it working? > > -- > Cheers, > Dhiru
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.