Author Topic: Solve a riddle, guess a 4 char password and add 10 BTC to your xmas... SOLVED!!  (Read 13588 times)
cedivad
Legendary
Activity: 1176
Merit: 1001
December 26, 2012, 11:08:22 AM
 #121

Lol, and I thought that BASH wasn't my bottleneck :D

My anger against what is wrong in the Bitcoin community is productive:
Bitcointa.lk - Replace "Bitcointalk.org" with "Bitcointa.lk" in this url to see how this page looks like on a proper forum (Announcement Thread)
Hashfast.org - Wiki for screwed customers
phr33
Full Member
Activity: 226
Merit: 100
December 26, 2012, 11:11:49 AM
 #122

Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)

Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!

My BTC input: 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ
My GPG ID: B0CCFD4A
K1773R
Legendary
Activity: 1792
Merit: 1008
/dev/null
December 26, 2012, 11:15:26 AM
 #123

Code:
k1773r@COOLERMASTER:~/git/JohnTheRipper/src$ ../run/john -fo:gpg-opencl -t
OpenCL platform 0: NVIDIA CUDA, 1 device(s).
Using device 0: GeForce GTX 580
Benchmarking: OpenPGP / GnuPG Secret Key [OpenCL]... DONE
Raw: 91247 c/s real, 92160 c/s virtual
now that's a NICE improvement :P

EDIT:
35 seconds for FULL scan
brute forcing is faster than creating the wordlist, awesome :D

Those GPU sure can run! :D

The issue I mentioned before was regarding the "trying: xxx" output. There is none in your new dump so I don't know if you fixed the problem or not. It looked like it only tried with half of the hash.
just checked it, it's the same for the GPU, do not ask me why! the wordlist hashes are right but the output isn't, did you run into this problem too? for the GPU it "looks" crazy too:
Code:
guesses: 0  time: 0:00:00:35 DONE (Wed Dec 26 11:42:23 2012)  c/s: 414364  trying: 7277b9b8b5034fc - eea8eca3d152537
and the hash from the hashfile is 7277b9b8b5034fc4e715be0e9e61bf3aac30cce46396a30b5272d89e19418a61, ah dammit!

Yes - you need to modify jtr to use this long passwords
how did you fix this? google results are unrelated to this problem (or at least all i have read so far).
good that i don't delete my wordlists so afterwards i can just recheck...

[GPG Public Key]
BTC/DVC/TRC/FRC: 1K1773RbXRZVRQSSXe9N6N2MUFERvrdu6y ANC/XPM AK1773RTmRKtvbKBCrUu95UQg5iegrqyeA NMC: NK1773Rzv8b4ugmCgX789PbjewA9fL9Dy1 LTC: LKi773RBuPepQH8E6Zb1ponoCvgbU7hHmd EMC: EK1773RxUes1HX1YAGMZ1xVYBBRUCqfDoF BQC: bK1773R1APJz4yTgRkmdKQhjhiMyQpJgfN
K1773R
December 26, 2012, 11:22:12 AM
 #124

Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)

Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!
i don't have SSD, dislike to lose my data so fast, the reason why it writes so fast is simply the ext4 cache/buffer.
Code:
real	1m39.336s
user 1m38.058s
sys 0m0.868s
although this test doesn't seem to be a good benchmark since there are several daemons/VM running.

which python version, pypy or python?

phr33
December 26, 2012, 11:22:43 AM
 #125

how did you fix this? google results are unrelated to this problem (or at least all i have read so far).
good that i don't delete my wordlists so afterwards i can just recheck...

Google is usually good, but sometimes one needs to just have a look at the source code. You'll find the gpg plugin implemented in src/gpg_fmt_plug.c

I'm sure you will find the length defined there!

phr33
December 26, 2012, 11:24:07 AM
 #126

Has anyone tried to use c to create the dictionary?
i do it in java with JNI mixed.
What's your speed? It would take me something like 1 day to write the 14 million combinations there are...
2 seconds to create the wordlist (4 chars)
17 seconds to create all sha256 sums
1.5 seconds to write it down to disk (916MB)

Feel free to benchmark the python version on your überclocked machine with blazing fast SSD!
i don't have SSD, dislike to lose my data so fast, the reason why it writes so fast is simply the ext4 cache/buffer.
Code:
real	1m39.336s
user 1m38.058s
sys 0m0.868s
although this test doesn't seem to be a good benchmark since there are several daemons/VM running.

which python version, pypy or python?

Code:
$ python --version
Python 2.7.3


CIYAM (OP)
Legendary
Activity: 1890
Merit: 1078
Ian Knowles - CIYAM Lead Developer
December 26, 2012, 11:29:40 AM
 #127

Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course and perhaps only by the winner).

With CIYAM anyone can create 100% generated C++ web applications in literally minutes.

GPG Public Key | 1ciyam3htJit1feGa26p2wQ4aw6KFTejU
Scrat Acorns
Sr. Member
Activity: 293
Merit: 250
December 26, 2012, 11:31:14 AM
 #128

Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course).
200+ salt variations tested.

Kill me now.

I've been running this since yesterday. Been aware of the echo newline injection and the JTR limitation from the get go.
phr33
December 26, 2012, 11:31:52 AM
 #129

A general recommendation when writing brute force scripts is to try it on something you know the password to!

In this case, create a gpg key with a password using your own 4 letter password run through the key derivation and check that you actually find the key!

I myself tend to always screw up at least some small detail. Testing is crucial if you don't want to waste all those cpu-hours :)

K1773R
December 26, 2012, 11:33:19 AM
 #130

how did you fix this? google results are unrelated to this problem (or at least all i have read so far).
good that i don't delete my wordlists so afterwards i can just recheck...

Google is usually good, but sometimes one needs to just have a look at the source code. You'll find the gpg plugin implemented in src/gpg_fmt_plug.c

I'm sure you will find the length defined there!
this hurts... who is so retarded and sets this?
Code:
#define PLAINTEXT_LENGTH    32
recompiling with 64.
edit opencl_gpg_fmt_plug.c too! (defaults to 15, wtf?)
compiling done:
Code:
guesses: 0  time: 0:00:00:35 DONE (Wed Dec 26 12:31:23 2012)  c/s: 411250  trying: 7277b9b8b5034fc4e715be0e@a785a10e4399ab30ec56aee3@f30430753b6537 - eea8eca3d1525375b2091f1760ae69e
now the opencl stuff is crap (see the @).

python stuff:
Code:
$ python --version
Python 2.6.5
my guess: faster hashing/loops in 2.7 compared to 2.6.

phr33
December 26, 2012, 11:33:54 AM
 #131

Not sure if you guys have already been doing this but if some basic stats (such as the total # of attempts each of you have tried) could be published then I think that would be very useful (after it has been cracked of course and perhaps only by the winner).


I tested all passwords for 9 different key derivations before throwing in the towel.

CIYAM (OP)
December 26, 2012, 11:37:37 AM
 #132

I tested all passwords for 9 different key derivations before throwing in the towel.

Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer).

How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?

phr33
December 26, 2012, 11:38:50 AM
 #133


this hurts... who is so retarded and sets this?
Code:
#define PLAINTEXT_LENGTH    32


Hehe. I bet they thought "no one is retarded enough to try to brute force more than 32 chars anyway" when they set it :D

As for the open-cl version they seem to have a more legit reason. Probably more restricted data types and more clever packing of data in there to get nice performance.

K1773R
December 26, 2012, 11:39:11 AM
 #134

I tested all passwords for 9 different key derivations before throwing in the towel.

Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer).

How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?

i got 7 so far, still got the wordlists :)
waiting seems fine, i need to sleep too, my body is still human :P

phr33
December 26, 2012, 11:44:48 AM
 #135

I tested all passwords for 9 different key derivations before throwing in the towel.

Sorry to hear that but as you have been very helpful with this I will be sending you 1 BTC anyway (let me know what address to send to either here or in a PM if you prefer).

How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?


Thanks!

You can send it to 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ

All winnings will be passed on to a followup contest! It might take a while, but there will be one!

Scrat Acorns
December 26, 2012, 11:46:42 AM
 #136

How are the rest of you going - want that hint earlier or happy to wait until confirmation # 200?

Whatever you decide let us know now.

I am also throwing in the towel after 210 or so tries. Been running it since yesterday on a 16 core Xeon.
K1773R
December 26, 2012, 11:49:36 AM
 #137


this hurts... who is so retarded and sets this?
Code:
#define PLAINTEXT_LENGTH    32


Hehe. I bet they thought "no one is retarded enough to try to brute force more than 32 chars anyway" when they set it :D

As for the open-cl version they seem to have a more legit reason. Probably more restricted data types and more clever packing of data in there to get nice performance.

yes, for opencl u have to change this
Code:
typedef struct {
        uint8_t length;
        uint8_t v[24];
} gpg_password;
change the 24 to 64 in both files (current folder and opencl).
now it's working :)
Code:
guesses: 0  time: 0:00:00:36 DONE (Wed Dec 26 12:44:56 2012)  c/s: 409200  trying: 7277b9b8b5034fc4e715be0e9e61bf3aac30cce46396a30b5272d89e19418a61 - eea8eca3d1525375b2091f1760ae69e
eea8eca3d1525375b2091f1760ae69e <-- last hash in wordlist which is a bug but doesn't matter. (bug fixed, forgot to fsync it)

CIYAM (OP)
December 26, 2012, 11:53:12 AM
 #138

You can send it to 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ

All winnings will be passed on to a followup contest! It might take a while, but there will be one!

On its way:

http://blockchain.info/tx/003a4b9ee67639a08c28b9c183ab36f3b2fc192aeac84d9bd8cc29684f6f094e

I have a much better bash script that I am including with a custom Open SUSE distro (which I am still putting together) - that will be a hell of a lot more challenging than this to crack (the point being similar to Mike Caldwell's one that you don't need to remember a huge password to get good security).

:)

phr33
December 26, 2012, 11:53:33 AM
 #139


yes, for opencl u have to change this
Code:
typedef struct {
        uint8_t length;
        uint8_t v[24];
} gpg_password;
change the 24 to 64 in both files (current folder and opencl).
now it's working :)

Looks good!
I would still definitely try that using a key with known password to make sure it really works :)

My BTC input: 1GAtPwoTGPQ35y9QugJueum5GzaEzLYjiQ
My GPG ID: B0CCFD4A
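
Added example (not part of any post in this thread, and not code from John the Ripper): a small Python model of the known-answer test recommended in #129 and #139, showing why the length limits found in #130 and #137 make a run finish with "guesses: 0" even when the right password is in the wordlist. The SHA-256 derivation, the function names and the 4-symbol alphabet are assumptions made for illustration.

```python
import hashlib
from itertools import product

def derive(password):
    """Stand-in derivation (assumption): passphrase = SHA-256 hex of the password."""
    return hashlib.sha256(password.encode()).hexdigest()

def tool_view(candidate, max_len):
    """Model of a tool that silently cuts each wordlist entry to max_len characters."""
    return candidate[:max_len]

def preflight(candidates, max_len):
    """Count wordlist entries the tool would truncate; anything above 0 is a wasted run."""
    return sum(1 for c in candidates if len(c) > max_len)

def known_answer_test(known_password, alphabet, length, max_len):
    """Lock a test secret with a password we chose, then check the pipeline finds it.

    Returns the recovered password, or None if this pipeline can never succeed.
    """
    passphrase = derive(known_password)  # what the self-made test key is protected with
    for combo in product(alphabet, repeat=length):
        guess = "".join(combo)
        if tool_view(derive(guess), max_len) == passphrase:
            return guess
    return None

if __name__ == "__main__":
    alphabet = "abc1"  # constructed 4-symbol alphabet so the demo finishes instantly
    wordlist = [derive("".join(c)) for c in product(alphabet, repeat=4)]
    # 15 and 32 are the defaults quoted in the thread, 64 is the patched value
    for limit in (15, 32, 64):
        truncated = preflight(wordlist, limit)
        found = known_answer_test("cab1", alphabet, 4, limit)
        print("limit=%d truncated=%d/%d recovered=%r"
              % (limit, truncated, len(wordlist), found))
```
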
Scrat Acorns
December 26, 2012, 11:55:26 AM
 #140

I have a much better bash script that I am including with a custom Open SUSE distro (which I am still putting together) - that will be a hell of a lot more challenging than this to crack (the point being similar to Mike Caldwell's one that you don't need to remember a huge password to get good security).

:)

This is security by obscurity though. Once they know about your implementation it will be easily cracked.

Why not use a well scrutinized key derivation function and run 10 million iterations of it?
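
Added example (not part of the post above, and not the script used in the contest): a Python sketch that measures what the suggested change costs per guess, comparing one SHA-256 per guess with PBKDF2-HMAC-SHA256 at the 10 million iterations mentioned in the post. The 62-character alphabet (chosen because it matches the "14 million combinations" quoted earlier in the thread), the 16-byte random salt and all function names are assumptions.

```python
import hashlib
import os
import time

KEYSPACE = 62 ** 4                 # assumption: a-z, A-Z, 0-9 gives 14,776,336 passwords
SUGGESTED_ITERATIONS = 10_000_000  # figure taken from the post above

def stretch(password, salt, iterations):
    """PBKDF2-HMAC-SHA256 in place of a single hash; returns a 64-char hex passphrase."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()

def seconds_per_guess(iterations, sample=200_000):
    """Time a shorter run and scale up; PBKDF2 cost grows linearly with iterations."""
    salt = os.urandom(16)
    start = time.perf_counter()
    stretch("test", salt, sample)
    return (time.perf_counter() - start) * iterations / sample

def single_hash_seconds_per_guess(sample=200_000):
    """Measured cost of the unstretched baseline: one SHA-256 per guess."""
    start = time.perf_counter()
    for i in range(sample):
        hashlib.sha256(b"%d" % i).hexdigest()
    return (time.perf_counter() - start) / sample

def full_scan_days(per_guess_seconds):
    """Single-core time needed to try every password in KEYSPACE."""
    return per_guess_seconds * KEYSPACE / 86400

if __name__ == "__main__":
    fast = single_hash_seconds_per_guess()
    slow = seconds_per_guess(SUGGESTED_ITERATIONS)
    print("single SHA-256 : %.6f days for a full scan" % full_scan_days(fast))
    print("PBKDF2 x 10M   : %.0f days for a full scan" % full_scan_days(slow))
    print("work factor    : %.0fx" % (slow / fast))
```

The projection is single-core CPU time for the assumed alphabet and does not account for GPU rates like those benchmarked earlier in the thread.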