Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <4dbf9333ef24ddec74dcf637976bc330@smtp.hushmail.com>
Date: Wed, 17 Sep 2014 00:00:37 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: attacking RC2 40-bit S/MIME encrypted emails

On 2014-09-16 22:44, augustin wrote:
>>> long time ago, Bruce Schneier published a tool for Windows 95 to
>>> attack S/MIME encrypted emails that use RC2 for encryption with
>>> 40bit long keys.
>>>
>>> https://www.schneier.com/smime.html
>>>
>>> code: https://www.schneier.com/smime-download.html
>>>
>>> I had a look at john formats but did not find anything related.
>>> Does john support that type of encryption or will it be supported
>>> in the future?
>>
>> It doesn't, and I doubt anyone was planning to write it. Is RC2/40
>> still used at all anywhere?
>
> 'openssl smime -encrypt' uses RC2/40 by default according to documentation.
>
> fedora 20 (openssl-1.0.1e-39)/ubuntu 14.04/rhel 6.4:
> 	man smime: "If not specified 40 bit RC2 is used."
>
> so an implementation would probably still be useful these days.

Cool. Someone should do this.

>> Are there sample plaintexts available somewhere, to be used as test
>> vectors?
>
> Using 'openssl smime' should be fine to create test vectors?

I see now they can be created using test.c from that source archive!

> What kind of cracking speed would you expect of an implementation using
> the optimization mentioned in Bruce' documentation?

I just tried a totally naive implementation using OpenSSL and no tricks 
at all. It can try about a million keys per second on one CPU core.

> How long would it take on a modern CPU/GPU for one 40bit key approx.?

Even my naive implementation would crack it within a week on average 
(and faster if you use more cores). I presume that optimization makes it 
a whole lot faster. I have never looked at RC2 but if it's anything like 
RC4 it's not GPU friendly at all. OTOH with that optimization it might 
be worthwhile.

We should ask Jim Russell (and Chris Hall?) for permission, so we can 
just nick some of the code...

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.