john icon indicating copy to clipboard operation
john copied to clipboard

Published 20 hours ago verified publisher icon openwall

argon2-opencl should support longer passwords

Open solardiz opened this issue 1 year ago • 3 comments
trafficstars

Right now, argon2-opencl is unnecessarily limited by its PLAINTEXT_LENGTH 100. We should probably bump this to our usual maximum of 125, unless there's any specific reason to keep it at 100, @alainesp?

solardiz avatar Aug 13 '24 16:08 solardiz

Patched to 125, still works (using a CMIYC 2024 hash on an ancient machine):

$ ./john -mask='Adity?l?s?d?d?d?d' pw-argon2id
Device 1: GeForce GTX 570
Using default input encoding: UTF-8
Loaded 1 password hash (argon2-opencl [Blake2 OpenCL])
Cost 1 (t) is 1 for all loaded hashes
Cost 2 (m) is 65536 for all loaded hashes
Cost 3 (p) is 4 for all loaded hashes
Cost 4 (type [0:Argon2d 1:Argon2i 2:Argon2id]) is 2 for all loaded hashes
Trying to compute 18 hashes at a time using 1152 of 1279 MiB device memory
LWS=32 GWS=2304 (72 blocks) => Mode: LOCAL_MEMORY
Press 'q' or Ctrl-C to abort, 'h' for help, almost any other key for status
Aditya@2011      (?)
1g 0:00:00:39 DONE (2024-08-13 17:30) 0.02520g/s 263.5p/s 263.5c/s 263.5C/s Dev#1:68C Adityu 2011..Adityr@2011

solardiz avatar Aug 13 '24 16:08 solardiz

Right now, argon2-opencl is unnecessarily limited by its PLAINTEXT_LENGTH 100. We should probably bump this to our usual maximum of 125, unless there's any specific reason to keep it at 100, @alainesp?

There shouldn't be any problem, but I can't provide a guarantee. I can recheck the code this weekend if you need assurance.

alainesp avatar Aug 13 '24 20:08 alainesp

Thanks @alainesp. I just wanted to know you don't recall any special reason for choosing 100. I don't see any limitations in the code. Ideally, we'd actually test with a length 125 password (generate such Argon2 hash on CPU).

solardiz avatar Aug 13 '24 20:08 solardiz

Reviewing the code, I see the password is processed on host only, in argon2_initial_hash, which does:

        blake2b_update(&BlakeHash, (const uint8_t *)context->pwd,
                       context->pwdlen);

So there's no issue with increasing the length (it can't break the host to device protocol), but OTOH it reminds us that we could eventually move the pre- and post-processing into the kernel.

solardiz avatar Sep 22 '24 23:09 solardiz

bump this to our usual maximum of 125, unless there's any specific reason to keep it at 100

Yesterday, I realized that the 100 was copied over from the Argon2 CPU format, where we seem to have had this limitation for no reason. @magnumripper has just bumped it to 125 as well in #5557.

solardiz avatar Nov 06 '24 01:11 solardiz