john-users - Re: CAST5 GPU cracking

Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20180618193551.Horde.LPf3cHCy5TPADnE9J-fSsLQ@344c6kbnjnljjzlz.onion>
Date: Mon, 18 Jun 2018 19:35:51 +0000
From: crack.cast5@...mail.net
To: john-users@...ts.openwall.com
Subject: Re: CAST5 GPU cracking

Thank you again. I will have to set up version 5 for an ultimate test.  
Now I am using 2.6.3.

It doesn't crack it -- maybe I am doing something wrong? The password  
I used was 'test'.

C:\Users\Desktop\pgp>pgp -kg
No configuration file found.
Pretty Good Privacy(tm) 2.6.3ia-multi06 - Public-key encryption for the masses
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2002-04-22
International version - for use everywhere (including USA).
Current time: 2018/06/18 19:30 GMT

PGP is now using IDEA with MD5.


Pick your RSA key size:
     1)  512 bits- No security,   should not be used
     2)  768 bits- Low security,  should not be used
     3) 1024 bits- Good security, supported by all PGP-versions
     4) 2047 bits- High security, supported since 2.6
     5) 2048 bits- High security, supported since 2.6.3
     6) 3172 bits- Higher security,     not supported by many PGP-versions
     7) 4096 bits- Very high security,  not supported by many PGP-versions
Choose 1 - 7, or enter desired number of bits: 5

Generating an RSA key with a 2048-bit modulus.

You need a user ID for your public key.  The desired form for this
user ID is your name, followed by your E-mail address enclosed in
<angle brackets>, if you have an E-mail address.
For example:  John Q. Smith <12345.6789@...puserve.com>
Enter a user ID for your public key:
user
Please specify how long the key should be valid.
        0 = key does not expire
     <n>  = key expires in n days
     <n>m = key expires in n months
     <n>y = key expires in n years


You need a pass phrase to protect your RSA secret key.
Your pass phrase can be any sentence or phrase and may have many
words, spaces, punctuation, or any other printable characters.

Enter pass phrase:
Enter same pass phrase again:
Note that key generation is a lengthy process.

We need to generate 1976 random bits.  This is done by measuring the
time intervals between your keystrokes.  Please enter some random text
on your keyboard until you hear the beep:
    0 * -Enough, thank you.
.......**** .............****
Pass phrase is good.  Just a moment....
Key signature certificate added.
Key generation completed.

C:\Users\Desktop\pgp>pgp -a -kx user out.txt secring.pgp
No configuration file found.
Pretty Good Privacy(tm) 2.6.3ia-multi06 - Public-key encryption for the masses
(c) 1990-96 Philip Zimmermann, Phil's Pretty Good Software. 2002-04-22
International version - for use everywhere (including USA).
Current time: 2018/06/18 19:31 GMT

PGP is now using IDEA with MD5.


Extracting from key ring: 'secring.pgp', userid "user".

Key for user ID: user
2048-bit key, key ID D92510BD, created 2018/06/18

Output file 'out.asc' already exists.  Overwrite (y/N)? y

Transport armor file: out.asc

Key extracted to file 'out.asc'.

C:\Users\Desktop\pgp>type out.asc
Type Bits/KeyID    Date       User ID
sec  2048/D92510BD 2018/06/18 user

-----BEGIN PGP SECRET KEY BLOCK-----
Version: 2.6.3ia-multi06

lQOgA1soCDUAAAEIAKDesukffEAfwdSs6gRiSjiOfXrmkhstlrLr04Lw4dst5opQ
bP04EhDC/XyJKAv3U8RBN/hCUkoPynWJPoo8qmJYln/AvMbD7yF+ONWfdAYrrTJd
XGcWDgDepC4ovZNk3B+PKW2f+58ZGIhUGfJJ5KCX2EX2J2z4Lmaz1w8YYOnbPTht
PsZ+u15Pogoqj+uCia5/9iG/YIJIt61zsDRjG9pRWUCVy6gEQm6F/xHOof6ce/dL
e66tFJlymKiKUvMu/+bdgQgkK7WwoToPrUw+Y8JMf9XrTj0gNrPlmuXfB/kj1LUD
3rIG3cE+/yGw0WXQRcJo0NPHMJQIpGa4v9klEL0ABREBTCQpe33+8j0H/l6fXS/0
O7rWDnOlBSUXEuMRIFHQ1xYqH3GuiuuMh73xbHX00DtCEy/gVwRc09/Yy3oWjfoI
0vGVpqd38yMP6V2Rcrt+gs+8VQDvJJRuZLWuerLIkmkztMK+eVmTja67hg1YpLz8
/k7T2VA4rQJ/weomXK2jgHlgQbOgwJ9t8+xLHnJnqA3QmXT4v782KkyGZY/wn1Sk
blyW6lwBzBGAFSeHvaNe4besWtDU/unNvqZAJ/+QK0wIaee4Wx0UCirGoSN5d++y
wPuXD5OrYEZcT6SQk+FE1Nv1merRZB6ifwNHpORPNiPsenjGsZY+a19uLu5uerQT
CggZ1g3cmyyYWjwEAKKQUeG45V1i1pHbrIySA58ga7lyEBEjSMiBiLn+2eUII39p
7duw8KTpVod4pVbZn6h6xJK3S+isOg3E8dq6Ha5PEuJqsjyhtEfu8Moh8PP8aqxA
vrTngH8ljwTuqYru43M96WRZMhfj3XVAyKYkQSdhiI2TxiM4Pi4MhhFEZdQEBAA8
OK8Tmpa0AAHD/B8bf12P5vhu8UqM5xMBkJX6D4wlzJcza046kb11090B16ROSFOr
i6aMSQ62jcwjs2nZAwKBAEXRuuL7ZluxbBguVm4eQXP7UjD5yCurObyzDKfKMPns
KW8VsMXwWntnSBHUaV7lFiLELFJlGAEhF2GCZLbJfAP+uxMcsxMz/sQHRGEHhIgu
dlSPHemEkRoZa8Wl1hnjoNX78gwC0fd78f2ZhE/boXoQg6+M6Lbw2xdtHJNjLnqw
omiMTnvyL7HQ9hMY8O0fK8F+2meBkBSjhCznodfNkCHHqCYkAnKR81eKiFl9hQEd
+mmVKPTFdNS/fm7tcxYifx1SJ7QEdXNlcg==
=jcaF
-----END PGP SECRET KEY BLOCK-----



Then...

[ec2-user@ run]$ cat >newold.asc
-----BEGIN PGP SECRET KEY BLOCK-----
Version: 2.6.3ia-multi06

lQOgA1soCDUAAAEIAKDesukffEAfwdSs6gRiSjiOfXrmkhstlrLr04Lw4dst5opQ
bP04EhDC/XyJKAv3U8RBN/hCUkoPynWJPoo8qmJYln/AvMbD7yF+ONWfdAYrrTJd
XGcWDgDepC4ovZNk3B+PKW2f+58ZGIhUGfJJ5KCX2EX2J2z4Lmaz1w8YYOnbPTht
PsZ+u15Pogoqj+uCia5/9iG/YIJIt61zsDRjG9pRWUCVy6gEQm6F/xHOof6ce/dL
e66tFJlymKiKUvMu/+bdgQgkK7WwoToPrUw+Y8JMf9XrTj0gNrPlmuXfB/kj1LUD
3rIG3cE+/yGw0WXQRcJo0NPHMJQIpGa4v9klEL0ABREBTCQpe33+8j0H/l6fXS/0
O7rWDnOlBSUXEuMRIFHQ1xYqH3GuiuuMh73xbHX00DtCEy/gVwRc09/Yy3oWjfoI
0vGVpqd38yMP6V2Rcrt+gs+8VQDvJJRuZLWuerLIkmkztMK+eVmTja67hg1YpLz8
/k7T2VA4rQJ/weomXK2jgHlgQbOgwJ9t8+xLHnJnqA3QmXT4v782KkyGZY/wn1Sk
blyW6lwBzBGAFSeHvaNe4besWtDU/unNvqZAJ/+QK0wIaee4Wx0UCirGoSN5d++y
wPuXD5OrYEZcT6SQk+FE1Nv1merRZB6ifwNHpORPNiPsenjGsZY+a19uLu5uerQT
CggZ1g3cmyyYWjwEAKKQUeG45V1i1pHbrIySA58ga7lyEBEjSMiBiLn+2eUII39p
7duw8KTpVod4pVbZn6h6xJK3S+isOg3E8dq6Ha5PEuJqsjyhtEfu8Moh8PP8aqxA
vrTngH8ljwTuqYru43M96WRZMhfj3XVAyKYkQSdhiI2TxiM4Pi4MhhFEZdQEBAA8
OK8Tmpa0AAHD/B8bf12P5vhu8UqM5xMBkJX6D4wlzJcza046kb11090B16ROSFOr
i6aMSQ62jcwjs2nZAwKBAEXRuuL7ZluxbBguVm4eQXP7UjD5yCurObyzDKfKMPns
KW8VsMXwWntnSBHUaV7lFiLELFJlGAEhF2GCZLbJfAP+uxMcsxMz/sQHRGEHhIgu
dlSPHemEkRoZa8Wl1hnjoNX78gwC0fd78f2ZhE/boXoQg6+M6Lbw2xdtHJNjLnqw
omiMTnvyL7HQ9hMY8O0fK8F+2meBkBSjhCznodfNkCHHqCYkAnKR81eKiFl9hQEd
+mmVKPTFdNS/fm7tcxYifx1SJ7QEdXNlcg==
=jcaF
-----END PGP SECRET KEY BLOCK-----
[ec2-user@ run]$ ./gpg2john newold.asc

File newold.asc
user:$gpg$*1*650*2048*07fe5e9f5d2ff43bbad60e73a505251712e3112051d0d7162a1f71ae8aeb8c87bdf16c75f4d03b42132fe057045cd3dfd8cb7a168dfa08d2f195a6a777f3230fe95d9172bb7e82cfbc5500ef24946e64b5ae7ab2c8926933b4c2be7959938daebb860d58a4bcfcfe4ed3d95038ad027fc1ea265cada380796041b3a0c09f6df3ec4b1e7267a80dd09974f8bfbf362a4c86658ff09f54a46e5c96ea5c01cc1180152787bda35ee1b7ac5ad0d4fee9cdbea64027ff902b4c0869e7b85b1d140a2ac6a1237977efb2c0fb970f93ab60465c4fa49093e144d4dbf599ead1641ea27f0347a4e44f3623ec7a78c6b1963e6b5f6e2eee6e7ab4130a0819d60ddc9b2c985a3c0400a29051e1b8e55d62d691dbac8c92039f206bb97210112348c88188b9fed9e508237f69eddbb0f0a4e9568778a556d99fa87ac492b74be8ac3a0dc4f1daba1dae4f12e26ab23ca1b447eef0ca21f0f3fc6aac40beb4e7807f258f04eea98aeee3733de964593217e3dd7540c8a624412761888d93c623383e2e0c86114465d40404003c38af139a96b40001c3fc1f1b7f5d8fe6f86ef14a8ce713019095fa0f8c25cc97336b4e3a91bd75d3dd01d7a44e4853ab8ba68c490eb68dcc23b369d90302810045d1bae2fb665bb16c182e566e1e4173fb5230f9c82bab39bcb30ca7ca30f9ec29
6f15b0c5f05a7b674811d4695ee51622c42c526518012117618264b6c97c03febb131cb31333fec40744610784882e76548f1de984911a196bc5a5d619e3a0d5fbf20c02d1f77bf1fd99844fdba17a1083af8ce8b6f0db176d1c93632e7ab0a2688c4e7bf22fb1d0f61318f0ed1f2bc17eda67819014a3842ce7a1d7cd9021c7a82624027291f3578a88597d85011dfa699528f4c574d4bf7e6eed7316227f1d5227*0*1*0*1*8*4c24297b7dfef23d*0*0000000000000000*256*a0deb2e91f7c401fc1d4acea04624a388e7d7ae6921b2d96b2ebd382f0e1db2de68a506cfd381210c2fd7c89280bf753c44137f842524a0fca75893e8a3caa6258967fc0bcc6c3ef217e38d59f74062bad325d5c67160e00dea42e28bd9364dc1f8f296d9ffb9f1918885419f249e4a097d845f6276cf82e66b3d70f1860e9db3d386d3ec67ebb5e4fa20a2a8feb8289ae7ff621bf608248b7ad73b034631bda51594095cba804426e85ff11cea1fe9c7bf74b7baead14997298a88a52f32effe6dd8108242bb5b0a13a0fad4c3e63c24c7fd5eb4e3d2036b3e59ae5df07f923d4b503deb206ddc13eff21b0d165d045c268d0d3c7309408a466b8bfd92510bd:::user::newold.asc
[ec2-user@ run]$ cat >newold_out.txt
user:$gpg$*1*650*2048*07fe5e9f5d2ff43bbad60e73a505251712e3112051d0d7162a1f71ae8aeb8c87bdf16c75f4d03b42132fe057045cd3dfd8cb7a168dfa08d2f195a6a777f3230fe95d9172bb7e82cfbc5500ef24946e64b5ae7ab2c8926933b4c2be7959938daebb860d58a4bcfcfe4ed3d95038ad027fc1ea265cada380796041b3a0c09f6df3ec4b1e7267a80dd09974f8bfbf362a4c86658ff09f54a46e5c96ea5c01cc1180152787bda35ee1b7ac5ad0d4fee9cdbea64027ff902b4c0869e7b85b1d140a2ac6a1237977efb2c0fb970f93ab60465c4fa49093e144d4dbf599ead1641ea27f0347a4e44f3623ec7a78c6b1963e6b5f6e2eee6e7ab4130a0819d60ddc9b2c985a3c0400a29051e1b8e55d62d691dbac8c92039f206bb97210112348c88188b9fed9e508237f69eddbb0f0a4e9568778a556d99fa87ac492b74be8ac3a0dc4f1daba1dae4f12e26ab23ca1b447eef0ca21f0f3fc6aac40beb4e7807f258f04eea98aeee3733de964593217e3dd7540c8a624412761888d93c623383e2e0c86114465d40404003c38af139a96b40001c3fc1f1b7f5d8fe6f86ef14a8ce713019095fa0f8c25cc97336b4e3a91bd75d3dd01d7a44e4853ab8ba68c490eb68dcc23b369d90302810045d1bae2fb665bb16c182e566e1e4173fb5230f9c82bab39bcb30ca7ca30f9ec29
6f15b0c5f05a7b674811d4695ee51622c42c526518012117618264b6c97c03febb131cb31333fec40744610784882e76548f1de984911a196bc5a5d619e3a0d5fbf20c02d1f77bf1fd99844fdba17a1083af8ce8b6f0db176d1c93632e7ab0a2688c4e7bf22fb1d0f61318f0ed1f2bc17eda67819014a3842ce7a1d7cd9021c7a82624027291f3578a88597d85011dfa699528f4c574d4bf7e6eed7316227f1d5227*0*1*0*1*8*4c24297b7dfef23d*0*0000000000000000*256*a0deb2e91f7c401fc1d4acea04624a388e7d7ae6921b2d96b2ebd382f0e1db2de68a506cfd381210c2fd7c89280bf753c44137f842524a0fca75893e8a3caa6258967fc0bcc6c3ef217e38d59f74062bad325d5c67160e00dea42e28bd9364dc1f8f296d9ffb9f1918885419f249e4a097d845f6276cf82e66b3d70f1860e9db3d386d3ec67ebb5e4fa20a2a8feb8289ae7ff621bf608248b7ad73b034631bda51594095cba804426e85ff11cea1fe9c7bf74b7baead14997298a88a52f32effe6dd8108242bb5b0a13a0fad4c3e63c24c7fd5eb4e3d2036b3e59ae5df07f923d4b503deb206ddc13eff21b0d165d045c268d0d3c7309408a466b8bfd92510bd:::user::newold.asc
[ec2-user@ run]$ cat wordlist
test2
test
test3
[ec2-user@ run]$ ./john newold_out.txt --wordlist=wordlist
Using default input encoding: UTF-8
Loaded 1 password hash (gpg, OpenPGP / GnuPG Secret Key [32/64])
Cost 1 (s2k-count) is 0 for all loaded hashes
Cost 2 (hash algorithm [1:MD5 2:SHA1 3:RIPEMD160 8:SHA256 9:SHA384  
10:SHA512 11:SHA224]) is 0 for all loaded hashes
Cost 3 (cipher algorithm [1:IDEA 2:3DES 3:CAST5 4:Blowfish 7:AES128  
8:AES192 9:AES256 10:Twofish 11:Camellia128 12:Camellia192  
13:Camellia256]) is 1 for all loaded hashes
Press 'q' or Ctrl-C to abort, almost any other key for status
0g 0:00:00:00 DONE (2018-06-18 19:31) 0g/s 300.0p/s 300.0c/s 300.0C/s test3
Session completed
[ec2-user@ run]$ ./john --show newold_out.txt
0 password hashes cracked, 1 left
[ec2-user@ run]$


Quoting Solar Designer <solar@...nwall.com>:

> On Mon, Jun 18, 2018 at 06:59:05PM +0000, crack.cast5@...mail.net wrote:
>> Is the old count really 65536?
>
> Yes, that's what old keys used (and many still do).
>
>> Is gpg2john tested with such old keys from 2000?
>
> I think so, but I'm not sure exactly with which versions of PGP/GnuPG.
>
>> Ideally I would download an older PGP and run a test
>
> Yes, you should.
>
>> but it is hard to find such an old version.
>
> No, it is not.  PGP 2.6.3i* from mid to late 1990s:
>
> http://www.spywarewarrior.com/uiuc/disastry/263multi.htm#download
>
> GnuPG 1.2.0+ from 2002+:
>
> https://www.gnupg.org/ftp/gcrypt/gnupg/
>
> You might run into minor difficulties building these on a modern system,
> though.  You might end up needing to tweak them or building/running in a
> VM with a similarly old system.
>
> Alexander




-------------------------------------------------

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.