{"id":304,"date":"2009-07-03T09:14:25","date_gmt":"2009-07-03T13:14:25","guid":{"rendered":"http:\/\/www.willhackforsushi.com\/?p=304"},"modified":"2009-07-03T09:14:25","modified_gmt":"2009-07-03T13:14:25","slug":"cowpatty-46-with-less-teh-suck","status":"publish","type":"post","link":"https:\/\/www.willhackforsushi.com\/?p=304","title":{"rendered":"Cowpatty 4.6 (with less teh suck)"},"content":{"rendered":"<p>As it turns out, there was a pretty significant bug in cowpatty 4.5 and earlier when built on systems with a more modern version of OpenSSL than what I was testing against:<\/p>\n<pre lang=\"c\">\r\n        typedef struct {\r\n            unsigned char k_ipad[65];\r\n            unsigned char k_opad[65];\r\n            unsigned char k_ipad_set;\r\n            unsigned char k_opad_set;\r\n        } SHA1_CACHE;\r\n\r\n        SHA1_CACHE cached;\r\n        SHA1_CTX context;\r\n\r\n        \/* ... *\/\r\n\r\n        if (usecached) {\r\n            \/* Cache the context value *\/\r\n            \/* Copies sizeof(context) bytes into the 65-byte k_ipad; overruns it when SHA1_CTX is larger *\/\r\n            memcpy(&cached.k_ipad, &context, sizeof(context));\r\n            cached.k_ipad_set = 1;\r\n        }\r\n<\/pre>\n<p>When I looked at this I realized what the problem was right away: I was stupid when I wrote this code.<\/p>\n<p>One of the ways we can accelerate WPA2-PSK cracking is to cache values that are computed each time during SHA1 rounds, namely the inner and outer pad hashes (ipad, opad).   I implemented this in cowpatty and created a data structure SHA1_CACHE to store the hashed value with a field to indicate if it was currently cached or not.<\/p>\n<p>At the time, OpenSSL&#8217;s SHA1_CACHE structure was 64 bytes; I created my structure members at 65 bytes (why not 64 bytes? Because I was stupid when I wrote this code).  Perfect!<\/p>\n<p>All worked well until I recently discovered that the SHA1_CTX structure is now 96 bytes, which did not fit so well in my 65 byte data structure.<\/p>\n<p>The lesson here: don&#8217;t try to recreate the wheel.  
This is how I fixed the problem, and how I should have done it back in 2005:<\/p>\n<pre lang=\"c\">\r\n        typedef struct {\r\n            SHA1_CTX k_ipad;\r\n            SHA1_CTX k_opad;\r\n            unsigned char k_ipad_set;\r\n            unsigned char k_opad_set;\r\n        } SHA1_CACHE;\r\n<\/pre>\n<p>Instead of relying on a static byte length that once characterized the size of SHA1_CTX, I should have just used the real thing.  I&#8217;ll remember this lesson in the future, and hopefully you won&#8217;t make the same mistake I did.<\/p>\n<p>You can snag <a href=\"http:\/\/www.willhackforsushi.com\/?page_id=50\">the latest version of cowpatty here<\/a>.  Special thanks to Kevin Kestinggolrer, Philipp Schroedel, Max Moser and Nathan Grennan, Jason Franks and Michal Knobel for hitting me with their various clue-sticks.<\/p>\n<p>-Josh<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As it turns out, there was a pretty significant bug in cowpatty 4.5 and earlier when built on systems with a more modern version of OpenSSL than what I was testing against: typedef struct { unsigned char k_ipad[65]; unsigned char &hellip; <a href=\"https:\/\/www.willhackforsushi.com\/?p=304\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,25,7,10],"tags":[],"class_list":["post-304","post","type-post","status-publish","format-standard","hentry","category-4","category-code","category-security","category-tool"],"_links":{"self":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/304","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=304"}],"version-history":[{"count":10,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/304\/revisions"}],"predecessor-version":[{"id":314,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=\/wp\/v2\/posts\/304\/revisions\/314"}],"wp:attachment":[{"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=304"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=304"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.willhackforsushi.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=304"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}