Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
If we do not hit our goal we will be forced to close the site.

Current status: https://keepboardsalive.com/

Annual subs are best for most impact. If you are still undecided on going Ad Free - you can also donate using the Paypal Donate option. All contribution helps. Thank you.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.

ORACLE password audits

  • 15-06-2008 07:43PM
    #1
    Martyr
    Closed Accounts Posts: 1,567 ✭✭✭


    Some tools audit ORACLE passwords using brute force/dictionary attack, big corporations rely on it alot to keep networks secure..DBA's swear by their own products..

    a bitslice version doesn't exist to date, atleast not publicly.
    below is basic ORACLE DES password creation, using pseudo LATIN->UNICODE conversion which is common in alot of products.

    [php]
    /* convert the username to unicode */

    for(i = 0,len = 0; i < nNameLen && i < MAX_USERNAME; i++,len++)
    ((unsigned short *)input)[len] = ( toupper( szName ) << 8);

    /* convert the password to unicode, appending to username */

    for(i = 0; i < nPasswordLen && i < MAX_PASSWORD; i++,len++)
    ((unsigned short *)input)[len] = ( toupper( szPassword ) << 8);

    len <<= 1;

    DES_set_key(&static_key,&ks);
    DES_ncbc_encrypt((unsigned char*)input,len,&ks,(DES_cblock*)output);

    DES_set_key((DES_cblock*)output,&ks);
    DES_ncbc_encrypt((unsigned char*)input,len,&ks,(DES_cblock*)pBuf);
    [/php]

    the first call to DES_set_key() uses static key which can be pre-computed.
    the second call uses the result of the first DES_ncbc_encrypt() which can take up alot of computational time.

    to speed this up, you can use precomputed schedules.

    you declare (8 * 256) DES_key_schedules, aligned by 16 bytes

    [php]
    /* the total memory size is about 262,144 bytes */

    DES_key_schedule index_one[256] __attribute__((aligned(16)));
    DES_key_schedule index_two[256] __attribute__((aligned(16)));
    DES_key_schedule index_three[256] __attribute__((aligned(16)));
    DES_key_schedule index_four[256] __attribute__((aligned(16)));
    DES_key_schedule index_five[256] __attribute__((aligned(16)));
    DES_key_schedule index_six[256] __attribute__((aligned(16)));
    DES_key_schedule index_seven[256] __attribute__((aligned(16)));
    DES_key_schedule index_eight[256] __attribute__((aligned(16)));
    [/php]

    you initialize these using the regular/slow DES_set_key() (which only has to be called once)

    [php]
    void init_subkeys()
    {
    u32 byte_index,key_index;
    DES_key_schedule *ks;
    u8 key[8]={0};

    /* for each index of a 64-bit des key */

    for(key_index = 0; key_index < 8; key_index++) {

    ks = g_schedules[key_index];

    for(byte_index = 0; byte_index < 256; byte_index++,ks++) {
    key[key_index] = byte_index;
    DES_set_key(&key,ks);
    }
    key[key_index] = 0;
    }
    }[/php]

    then to create a DES key schedule fast, call a function which takes the key input, and calculates a key schedule based on those in memory with exclusive OR's

    [php]
    void pcDES_set_key(DES_cblock *key, DES_key_schedule *ks)
    {
    u32 i,j;
    DES_key_schedule *tmp;
    u8 *p = (u8*)key;

    memset(ks,0,sizeof(DES_key_schedule));

    for(i = 0;i < 8; i++) {

    tmp = g_schedules;
    tmp = &tmp[*p++];

    for(j = 0;j < (sizeof(DES_key_schedule) / sizeof(DES_LONG)); j += 4) {
    ((DES_LONG*)ks)[j+0] ^= ((DES_LONG*)tmp)[j+0];
    ((DES_LONG*)ks)[j+1] ^= ((DES_LONG*)tmp)[j+1];
    ((DES_LONG*)ks)[j+2] ^= ((DES_LONG*)tmp)[j+2];
    ((DES_LONG*)ks)[j+3] ^= ((DES_LONG*)tmp)[j+3];
    }
    }
    }[/php]

    to maximise performance, use SSE2 registers or Altivec on PowerPC (not shown here)

    [php]
    _sse2_DES_set_key:
    sse2_DES_set_key proc C uses esi ebx edi ebp key:dword, key_schedule:dword

    mov esi,[key_schedule]
    mov edi,[key_schedule]

    pxor xmm0,xmm0
    pxor xmm1,xmm1
    pxor xmm2,xmm2
    pxor xmm3,xmm3

    mov ebp,[key]
    add edi,64

    pxor xmm4,xmm4
    pxor xmm5,xmm5
    pxor xmm6,xmm6
    pxor xmm7,xmm7

    irp i,<0,2,4,6>

    xor eax,eax
    mov al,byte ptr[ebp+i]

    xor ebx,ebx
    mov bl,byte ptr[ebp+i+1]

    mov ecx,[g_schedules+4*i]
    mov edx,[g_schedules+4*i+4]

    rol eax,7
    rol ebx,7

    add ecx,eax
    add edx,ebx

    pxor xmm0,[ecx+16*0]
    pxor xmm1,[ecx+16*1]
    pxor xmm0,[edx+16*0]
    pxor xmm1,[edx+16*1]

    pxor xmm2,[ecx+16*2]
    pxor xmm3,[ecx+16*3]
    pxor xmm2,[edx+16*2]
    pxor xmm3,[edx+16*3]

    pxor xmm4,[ecx+16*4]
    pxor xmm5,[ecx+16*5]
    pxor xmm4,[edx+16*4]
    pxor xmm5,[edx+16*5]

    pxor xmm6,[ecx+16*6]
    pxor xmm7,[ecx+16*7]
    pxor xmm6,[edx+16*6]
    pxor xmm7,[edx+16*7]
    endm

    movdqa [esi+16*0],xmm0
    movdqa [edi+16*0],xmm4

    movdqa [esi+16*1],xmm1
    movdqa [edi+16*1],xmm5

    movdqa [esi+16*2],xmm2
    movdqa [edi+16*2],xmm6

    movdqa [esi+16*3],xmm3
    movdqa [edi+16*3],xmm7

    ret
    sse2_DES_set_key endp[/php]


    a benchmark of this on a CORE2 processor yields higher performance.

    [php]
    sse2_DES_set_key
    Seconds elapsed:4 - 27777777 k/s

    DES_KEY.ASM by Svend Olaf Mikkelson
    Seconds elapsed:14 - 7936507 k/s

    DES_set_key by Eric Leay
    Seconds elapsed:29 - 3831417 k/s
    [/php]

    download example with DLL here


Advertisement