Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20180619125646.Horde.0d0MHj1_TqRzUYNloXOuh8O@344c6kbnjnljjzlz.onion>
Date: Tue, 19 Jun 2018 12:56:46 +0000
From: crack.cast5@...mail.net
To: john-users@...ts.openwall.com
Subject: Re: CAST5 GPU cracking

Thanks a lot to both of you for your help. I see a github issue has  
been opened already.

Quoting Dhiru Kholia <dhiru.kholia@...il.com>:

> On Tue, Jun 19, 2018 at 3:56 PM, Solar Designer <solar@...nwall.com> wrote:
>> ./gpg2john newold.asc > newold_out.txt
>>
>>> Cost 2 (hash algorithm [1:MD5 2:SHA1 3:RIPEMD160 8:SHA256 9:SHA384
>>> 10:SHA512 11:SHA224]) is 0 for all loaded hashes
>>
>> Well, at least this is wrong (cost value not among the listed options)
>> and probably indicates we have a bug in there.
>>
>> So there's probably more for us to fix to support PGP keys this old.
>
> On CentOS 7,
>
> $ gpg --homedir . --s2k-cipher-algo idea --s2k-mode 0 \
>     --simple-sk-checksum --gen-key
>
> $ pgpdump secring.gpg
> ...
> Old: Secret Key Packet(tag 5)(931 bytes)
> Ver 4 - new
> Public key creation time - Tue Jun 19 15:04:57 IST 2018
> Pub alg - RSA Encrypt or Sign(pub 1)
> RSA n(2048 bits) - ...
> RSA e(17 bits) - ...
> Sym alg - IDEA(sym 1)
> Simple string-to-key(s2k 0): Hash alg - SHA1(hash 2)
> ...
>
> This is probably the oldest (and possibly weakest) GPG key type we support?
>
> With your key,
>
> $ pgpdump newold.asc
> Old: Secret Key Packet(tag 5)(928 bytes)
> Ver 3 - old
> Public key creation time - Tue Jun 19 00:59:57 IST 2018
> Valid days - 0[0 is forever]
> Pub alg - RSA Encrypt or Sign(pub 1)
> RSA n(2048 bits) - ...
> RSA e(5 bits) - ...
> Sym alg - IDEA(sym 1)
> Simple string-to-key for IDEA
> IV - 4c 24 29 7b 7d fe f2 3d
> Encrypted RSA d(2046 bits) - ...
> Encrypted RSA p(1024 bits) - ...
> Encrypted RSA q(1024 bits) - ...
> Encrypted RSA u(1022 bits) - ...
> Checksum - 52 27
>
> It seems that we don't support this (i.e. Simple string-to-key for
> IDEA) S2K yet.
>
> We might also run into a lot of false positives when cracking such
> keys due to lack of a strong verifier / checksum.
>
> Dhiru




-------------------------------------------------

ONLY AT VFEmail! - Use our Metadata Mitigator to keep your email out of the NSA's hands!
$24.95 ONETIME Lifetime accounts with Privacy Features!  
15GB disk! No bandwidth quotas!
Commercial and Bulk Mail Options!  

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.