Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

argon2: $argon2d$m=2048,t=1,p=1$xxxxxxxxxxxxxxxx is cracked by any password #2650

Closed
AlekseyCherepanov opened this issue Aug 3, 2017 · 7 comments
Closed

argon2: $argon2d$m=2048,t=1,p=1$xxxxxxxxxxxxxxxx is cracked by any password #2650

AlekseyCherepanov opened this issue Aug 3, 2017 · 7 comments
Labels
bug

Comments

@AlekseyCherepanov
Copy link
Member

John cracks synthetic argon2 hashes of form
$argon2d$m=2048,t=1,p=1$xxxxxxxxxxxxxxxx with any password. It does
not seem correct.

$ cat t.pw
$argon2d$m=2048,t=1,p=1$xxxxxxxxxxxxxxxx
$argon2d$m=2048,t=1,p=1$yyyyyyyyyyyyyyyy

$ john t.pw --pot=empty.pot
Loaded 2 password hashes with 2 different salts (argon2 [Blake2 SSSE3])
123456           (?)
123456           (?)

$ cat empty.pot
$argon2d$m=2048,t=1,p=1$xxxxxxxxxxxxxxxx:123456
$argon2d$m=2048,t=1,p=1$yyyyyyyyyyyyyyyy:123456

$ echo asdf | john t.pw --pot=empty2.pot --stdin
Loaded 2 password hashes with 2 different salts (argon2 [Blake2 SSSE3])
asdf             (?)
asdf             (?)

I just used john right from repo, with default configuration.

$ john --list=build-info
Version: 1.8.0-jumbo-1-5774-g8d7ccaf
Build: linux-gnu 64-bit SSE4.1-ac OMP
SIMD: SSE4.1, interleaving: MD4:3 MD5:3 SHA1:1 SHA256:1 SHA512:1
$JOHN is [...]
Format interface version: 14
Max. number of reported tunable costs: 3
Rec file version: REC4
Charset file version: CHR3
CHARSET_MIN: 1 (0x01)
CHARSET_MAX: 255 (0xff)
CHARSET_LENGTH: 24
SALT_HASH_SIZE: 1048576
Max. Markov mode level: 400
Max. Markov mode password length: 30
gcc version: 5.1.0
GNU libc version: 2.19 (loaded: 2.19)
OpenCL headers version: 1.2
Crypto library: OpenSSL
OpenSSL library version: 01000114f
OpenSSL 1.0.1t  3 May 2016
GMP library version: 6.0.0
File locking: fcntl()
fseek(): fseek
ftell(): ftell
fopen(): fopen
memmem(): System's
@kholia kholia added the bug label Aug 3, 2017
@kholia
Copy link
Member

kholia commented Aug 8, 2017
edited

I am able to reproduce this issue but I haven't looked in depth to figure out why it happens.

@solardiz
Copy link
Member

solardiz commented Sep 8, 2017

I think for now we should workaround this with (tested, works):

diff --git a/src/argon2_fmt_plug.c b/src/argon2_fmt_plug.c
index ebae2c8..ef4bb73 100644
--- a/src/argon2_fmt_plug.c
+++ b/src/argon2_fmt_plug.c
@@ -229,7 +229,7 @@ static int valid(char *ciphertext, struct fmt_main *self)
        else
                return 0;
 
-       if (res!=ARGON2_OK)
+       if (res!=ARGON2_OK || ctx.outlen < 8)
          return 0;
 
        return 1;

but it looks like an upstream API issue, so I'll check the latest upstream and report to there if still relevant.

@magnumripper
Copy link
Member

What's the base for that patch?

@solardiz
Copy link
Member

solardiz commented Sep 8, 2017

I happened to be using a tree from August 14, its latest commit was f3dd1a6

@magnumripper
Copy link
Member

Not sure what I did 20 minutes ago but I couldn't find that code at those lines. But it's there alright 😆

@magnumripper
Copy link
Member

I now committed that, in your name.

@solardiz solardiz mentioned this issue Sep 9, 2017
Open
@solardiz
Copy link
Member

solardiz commented Sep 9, 2017

Discussion with upstream project: P-H-C/phc-winner-argon2#223

Summary: looks like I was too quick to notify them, the issue is probably already fixed there. We should sync to latest and re-test.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@kholia @AlekseyCherepanov @magnumripper @solardiz