Scrypt and TMTO question
#1
Hi guys, so I was asked to take a look at the speed of scypt with TMTO of 32768:3:1.

I first tried using a hash file with:
"SCRYPT:32768:3:1:thehash"

and I got "ERROR: ./kernels/4098/m09800_32768_3_1_256.VLIW1.llvmr: No such file or directory"

Does this mean there is no precompiled kernel for those TMTO parameters?

I then tried adding --script-tmto 32768:3:1 and got a "ERROR: can't allocate enough GPU memory" So I guess that means I would have to use hashcat instead.

I guess I shouldn't be surprise with 32768:3:1 but since it's the first time I play with scrypt I wanted to check with the you guys since I don't know the impact of N p r on performance and memory usage.
#2
Do you even know what TMTO means? It has nothing to do with n, p, r values. (what is r?)
#3
(06-23-2015, 07:56 PM)undeath Wrote: Do you even know what TMTO means? It has nothing to do with n, p, r values. (what is r?)

Please correct me if I'm wrong but it's Time Memory TradeOff and from my limited understanding is used to control Execution time and/or memory usage of the scrypt algo. Close enough?

the code I read used the r value in smix function but the N, p and r I saw in the code could be for something else.

What do you call the 3 values you can define in the scrypt hash? I would like to know, every where I looked I saw them named N, p and r.
#4
Which application is using 32768:3:1 the setting?
#5
(06-24-2015, 11:09 AM)atom Wrote: Which application is using 32768:3:1 the setting?

Android 4.4.4 to 5.1.1. If you look in https://android.googlesource.com/platfor.../cryptfs.h you'll see the scrypt parameters. I don't have a way to get the hash from the trustzone. Just looking at how feasible it is once I can get the hash.
#6
(06-24-2015, 03:04 AM)mrleau Wrote: Please correct me if I'm wrong but it's Time Memory TradeOff and from my limited understanding is used to control Execution time and/or memory usage of the scrypt algo. Close enough?

TMTO is nothing a defender can chose. It's only a setting for the attacker. The attacker can reduce the calculation time by using more memory. You very likely should not touch the value automatically chosen by hashcat. Furthermore you don't want to "look at the speed of scypt with TMTO". You just want to crack the hash.

The scrypt parameters are not related to any TMTO.
#7
(06-24-2015, 06:58 PM)undeath Wrote:
(06-24-2015, 03:04 AM)mrleau Wrote: Please correct me if I'm wrong but it's Time Memory TradeOff and from my limited understanding is used to control Execution time and/or memory usage of the scrypt algo. Close enough?

TMTO is nothing a defender can chose. It's only a setting for the attacker. The attacker can reduce the calculation time by using more memory. You very likely should not touch the value automatically chosen by hashcat. Furthermore you don't want to "look at the speed of scypt with TMTO". You just want to crack the hash.

The scrypt parameters are not related to any TMTO.

Ah, thanks for thanks for the info. I guess I still have some reading to do. I was thinking TMTO and scrypt parameters were the same thing. We all want to crack the hash but if it's too slow to have a realistic chance I'll need a plan b that's why I was saying what I was saying.
#8
(06-24-2015, 04:46 PM)mrleau Wrote:
(06-24-2015, 11:09 AM)atom Wrote: Which application is using 32768:3:1 the setting?

Android 4.4.4 to 5.1.1. If you look in https://android.googlesource.com/platfor.../cryptfs.h you'll see the scrypt parameters. I don't have a way to get the hash from the trustzone. Just looking at how feasible it is once I can get the hash.

The scrypt part is just one of many steps. Afaik there's no way yet to offline crack an android hash because of the cipher key on chip which you can not read. Therefore the attack, or at least parts of it, must be done on the device itself.