05-28-2017, 03:30 PM
Trying to recover a password I used 4 years ago. The data is encrypted with a passphrase and a JS library gibberish-aes. The decryption steps are as follows:
Decode base64 string to bytes
Extract salt and encrypted string from decoded data
pass+salt -> MD5
(prior hash + pass+salt) -> MD5
repeat previous step
the 3 hashes as bytes concatenated contain the AES key and IV
AES decrypt(CBC 256-bit) the encrypted string with the key and iv
On my system JS source does the decryption in about 0.2 seconds, my Rust port does it in 1.7 microseconds, difference of about 5/s vs 582k/s. I can probably parallelize the Rust code to use additional cores of my CPU to scale that?
I'm curious if this could be faster on the GPU. Decrypting with random passphrases generated by hashcat would result in what the CPU versions reject as invalid padding, hashcat also wouldn't know when it's decrypted the data correctly. I know that if the decrypted text starts with 5 it's potentially a valid passphrase, no idea how many false positives I'd get.
If the algorithm would see significant speed up gains on the GPU I'd be happy to try to port it, but perhaps the logic described doesn't suit GPU compute or hashcat that well?
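The key derivation and the candidate check described in the post, as an added Python example that is not part of the original post or of gibberish-aes. It assumes the OpenSSL-style blob layout (the 8-byte marker `Salted__`, an 8-byte salt, then the ciphertext), PKCS#7 padding, and that a wrong key yields effectively random plaintext at least two blocks long; the function names are hypothetical.

```python
import base64
import hashlib
from fractions import Fraction

BLOCK = 16  # AES block size in bytes

def split_blob(b64_text):
    """Return (salt, ciphertext). Assumed layout: b'Salted__' + 8-byte salt + ciphertext."""
    raw = base64.b64decode(b64_text)
    if raw[:8] != b"Salted__" or len(raw) < 16 + BLOCK or (len(raw) - 16) % BLOCK:
        raise ValueError("not a salted CBC blob")
    return raw[8:16], raw[16:]

def derive_key_iv(passphrase, salt):
    """Three chained MD5 rounds as in the post: 48 bytes -> 32-byte key + 16-byte IV."""
    data = passphrase + salt
    prev, out = b"", b""
    for _ in range(3):
        prev = hashlib.md5(prev + data).digest()  # MD5(prior hash + pass + salt)
        out += prev
    return out[:32], out[32:48]

def plausible(plaintext, first_byte=b"5"):
    """Accept a decrypted candidate only with valid PKCS#7 padding and the expected first byte."""
    if not plaintext or len(plaintext) % BLOCK:
        return False
    pad = plaintext[-1]
    if not 1 <= pad <= BLOCK or plaintext[-pad:] != bytes([pad]) * pad:
        return False
    return plaintext[:-pad].startswith(first_byte)

def false_positive_rate():
    """Chance a wrong key passes plausible(), modelling its output as uniform random bytes."""
    padding_ok = sum(Fraction(1, 256 ** k) for k in range(1, BLOCK + 1))  # about 1/255
    return padding_ok * Fraction(1, 256)  # first byte must also match

if __name__ == "__main__":
    # Constructed sample blob: fixed salt and 32 zero bytes standing in for ciphertext.
    salt = bytes(range(8))
    blob = base64.b64encode(b"Salted__" + salt + bytes(32)).decode()
    print(split_blob(blob))
    key, iv = derive_key_iv(b"hunter2", salt)
    print(key.hex(), iv.hex())
    print(float(false_positive_rate()))
```

Under those assumptions roughly one wrong passphrase in 65,000 passes both checks, so surviving candidates still need a second test against the rest of the plaintext.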