SHA256 bug when salt is really big?
#1
*** I HOPE I AM NOT BREAKING THE 'NO-POSTING HASHES RULE' BY THIS THREAD SINCE BOTH HASHES ARE HOME-MADE **



So, I declare beforehand that I might be stupid but I do believe that there is a bug materializing in oclhashcat when a SHA256 hash is derived from a password with a really big salt. Please note that hashcat DOES NOT suffer from the same problem; it works fine and manages to find the passwords in both cases in the following examples.

In my opinion the bug is due to some kind of overflow of an internal buffer. No error is output; oclhashcat simply fails to find the password.

The bug occurs in cases where the SALT is big (regarding the length).

Here are 2 examples so you see what I mean:



Example 1 (SUCCESS):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty,men!#]
SALT AS HEX: 5B4033362044697274792C6D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty,men!#]
SHA256= 50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047

For password= 1111111 -> password+SALT= 1111111[@36 Dirty,men!#]
SHA256= eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous hash and put in the 2nd hash:
-----------------------------------------------------------
1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
------------------------------------- 1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D 1111111:eb628e51afdf3ff3d1113a3de49c83116ff83a4052e7c12b355f3eb4e56eed96:5B4033362044697274792C6D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: SUCCCESS, BOTH PASSWORDS FOUND AS EXPECTED

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



Example 2 (FAILURE):
~~~~~~~~~~~~~~~~~
SALT : [@36 Dirty, Ugly and Filthy old men!#]
SALT AS HEX: 5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

For password= 1234567 -> password+SALT= 1234567[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4

For password= 1111111 -> password+SALT= 1111111[@36 Dirty, Ugly and Filthy old men!#]
SHA256= 043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc


1) Put in hash file ONLY the 1st hash:
-----------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1234567" found!


2) Delete from hash file the previous and put in the 2nd hash:
-----------------------------------------------------------
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds the password: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1
Result: password "1111111" found!


3) Now put BOTH hashes in the hash file:
-------------------------------------
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D 1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** FAILURE !! ** None of the 2 found!!



4) Let's try a mix. Put in hash file one of the 2 hashes from example #1 (which has a smaller salt) and a hash from example #2 (larger salt):
---------------------------------------------------------------
1234567:50192dbc1081f1c143c2c856358981e17682e9864a2497b268e148288c8a7047:5B4033362044697274792C6D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B4033362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Check if oclhashcat finds both passwords: oclhashcat64.exe -m 1410 hash.txt --username --hex-salt --increment --increment-min=7 -1 1234567 -a 3 ?1?1?1?1?1?1?1

Result: ** Semi-FAILURE !! ** Only the one with the smaller salt is found!


I hope you understand what I mean...



PS: while editing the above I realized that whenever I mention the big salt
"5B40333362044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D" it ends up somehow visually split, ie:

"5B40333​
62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D"

and there is no way to make it appear as a whole entity. No clue there....
#2
oclHaschat only implements a single block of sha256, therefore total input (salt + plain) cannot exceed the size of one block.
#3
(02-13-2014, 08:35 PM)epixoip Wrote: oclHaschat only implements a single block of sha256, therefore total input (salt + plain) cannot exceed the size of one block.


What is the size of one block?
#4
for sha256, 55 bytes.
#5
Correct me please if I am wrong:

Password: 1234567 = 7 characters
Salt: [@36 Dirty, Ugly and Filthy old men!#] = 38 characters

So, 7+38= 45 < 55

Isn't (salt+plain) less than 55?
#6
yes. and it does crack the password. except there does seem to be a bug as it does mangle up the plaintext.

Code:
epixoip@token:~/oclHashcat-1.02$ ./oclHashcat64.bin -d 1 -n 1 -m 1410 ~/example_hash -a 3 1234567
oclHashcat v1.02 starting...

Hashes: 1 total, 1 unique salts, 1 unique digests
Bitmaps: 8 bits, 256 entries, 0x000000ff mask, 1024 bytes
Applicable Optimizers:
* Zero-Byte
* Precompute-Init
* Precompute-Merkle-Demgard
* Early-Skip
* Not-Iterated
* Appended-Salt
* Single-Hash
* Single-Salt
* Brute-Force
* Scalar-Mode
* Raw-Hash
Watchdog: Temperature abort trigger disabled
Watchdog: Temperature retain trigger disabled
Device #1: Hawaii, 3061MB, 1100Mhz, 44MCU
Device #2: skipped by user
Device #3: skipped by user
Device #4: skipped by user
Device #5: skipped by user
Device #6: skipped by user
Device #7: skipped by user
Device #1: Kernel ./kernels/4098/m1410_a3.Hawaii_1348.5_1348.5 (VM).kernel not found in cache! Building may take a while...
Device #1: Kernel ./kernels/4098/m1410_a3.Hawaii_1348.5_1348.5 (VM).kernel (313240 bytes)
Device #1: Kernel ./kernels/4098/markov_be_v1.Hawaii_1348.5_1348.5 (VM).kernel not found in cache! Building may take a while...
Device #1: Kernel ./kernels/4098/markov_be_v1.Hawaii_1348.5_1348.5 (VM).kernel (85244 bytes)
Device #1: Kernel ./kernels/4098/bzero.Hawaii_1348.5_1348.5 (VM).kernel (30472 bytes)

756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:[@36 Dirty, Ugly and Filthy old men!#]:4321[76

Session.Name...: oclHashcat
Status.........: Cracked
Input.Mode.....: Mask (1234567) [7]
Hash.Target....: 756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:[@36 Dirty, Ugly and Filthy old men!#]
Hash.Type......: sha256($pass.$salt)
Time.Started...: 0 secs
Speed.GPU.#1...:        0 H/s
Recovered......: 1/1 (100.00%) Digests, 1/1 (100.00%) Salts
Progress.......: 1/1 (100.00%)
Skipped........: 0/1 (0.00%)
Rejected.......: 0/1 (0.00%)

Started: Thu Feb 13 11:13:45 2014
Stopped: Thu Feb 13 11:13:53 2014
#7
see 2.3 and 2.4, looks like a bug. have not tried to reproduce.
#8
I apologize if my initial posting was not clear enough:

when trying to find the password just for 1 hash (with the long salt) it works fine!

So, in your example you have in your hash file "example_hash" the following hash:
1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

As you correctly point out, oclhashcat finds the password


Now, replace in your hash file "example_hash" the previous hash with this one:
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D

Run oclhashcat again and it also finds the password.
So, we have 2 different hashes which INDIVIDUALLY oclhashcat successfully finds the passwords.



Next, put in your hash file "example_hash" BOTH the hashes:

1234567:756d043c22902e67d2696f5bd689a9328828cda937f3fc7a6bdd568c7ea272e4:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D
1111111:043023a9f4d3eaf068c4945bc2918670e6b480946113958c89cd62e678b27ffc:5B40333​62044697274792C2055676C7920616E642046696C746879206F6C64206D656E21235D


Run oclhashcat. THIS TIME IT FAILS FOR BOTH!!
So, when run on a single hash it works, when it runs for both it fails.

Is it more clear now?
#9
Ah ok, yeah, that's more clear. So yes, you should file a bug report about this on Trac. Might also want to include the bug in my example as well, where it cracked "1234567" as "4321[76" (not just a display bug, has this in the potfile as well)
#10
(02-13-2014, 09:59 PM)epixoip Wrote: Ah ok, yeah, that's more clear. So yes, you should file a bug report about this on Trac. Might also want to include the bug in my example as well, where it cracked "1234567" as "4321[76" (not just a display bug, has this in the potfile as well)


So, did you verify that indeed by having both hashes in the hash file oclhashcat fails on both?

Regarding your "4321[76" vs "1234567": for me it always writes in potfile "1234567". Can you please retry several times to confirm it always happens?


UPDATE: I opened a ticket