Date: Fri, 8 Jun 2012 09:36:31 -0500
From: "jfoug" <jfoug@....net>
To: <john-dev@...ts.openwall.com>
Subject: Was: RE: [john-users] JtR to process the LinkedIn hash dump

Taken to john-dev. This is NOT john-users talk, IMHO.  First off, they do
not even have the ability to do this, since get_source is not a general release
function, YET.  Note, I have had a conversation with magnum about
get_source.  I think there are issues with it on BE systems, so even though
I am happy it is working very well, until we know it works across the board,
it is not prime time ready.

>From: Frank Dittrich
>
>That's why I suggested get_source

NOTE, get_source is ONLY in bleeding edge jtr at this time.

> to recompute the correct sha-1 (the
>one without 00000, and store this in the pot file, no matter which of
>the hashes you got.

I am working on this.  But it does cause other problems that I will have to
work around: failures in self test, since the hash returned by get_hash is
not the same as returned by split(prepare(original_hash)).

>(If you got the one without the first bits zeroed out, you can just
>convert the internal binary hash into the external representation.
>Only if the first bits are all zero, you need to compute the sha-1 hash
>for the password.)

Here is the method I plan on using:

1. split always returns 0000, EVEN if it has the proper hash value.
2. within get_source, we search the just cracked items, looking for one that
has the proper last 4 DWORDS.  
3. If we find that one, we 'patch' it.

Right now, I think this will get things working 100% of the time. Note, I do
have bugs in the self-test, but I think I can work around that, by always
returning a 00000 from get_source, IF I cannot find hash (well, that may not
work, but I will have to see).

Jim.
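
Added example, not part of the original message and not John the Ripper code: a Python sketch of the three-step method above, with the quoted recompute-from-password suggestion as a fallback. The names split and get_source are taken from the thread, but their signatures here, the `loaded` list and the sample hash (SHA-1 of "password") are assumptions constructed for illustration.

```python
import hashlib

TAIL = 32  # hex digits in the last 4 DWORDs (16 bytes) of a SHA-1 digest

def split(hex_hash):
    """Step 1: canonical form always has the first 5 hex digits zeroed."""
    h = hex_hash.strip().lower()
    if len(h) != 40 or any(c not in "0123456789abcdef" for c in h):
        raise ValueError("expected a 40-digit hex SHA-1")
    return "00000" + h[5:]

def get_source(canonical, loaded, plaintext=None):
    """Return the hash text to store for a cracked canonical hash.

    loaded: original hash strings as read from the input file (assumed).
    plaintext: the cracked password, if the caller has it (assumed).
    """
    # Steps 2 and 3: look for an original with the same last 4 DWORDs that
    # still has its real leading digits, and use it in place of the 00000 form.
    for original in loaded:
        o = original.strip().lower()
        if o[-TAIL:] == canonical[-TAIL:] and not o.startswith("00000"):
            return o
    # Fallback from the quoted suggestion: recompute SHA-1 of the password and
    # accept it only if it canonicalises to the hash that was cracked.
    if plaintext is not None:
        full = hashlib.sha1(plaintext.encode("utf-8")).hexdigest()
        if split(full) == canonical:
            return full
    # Nothing better known: keep the 00000 form.
    return canonical

# Constructed sample data: SHA-1("password") and its zeroed-prefix variant.
FULL = "5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8"
MASKED = "00000" + FULL[5:]

if __name__ == "__main__":
    print(get_source(split(MASKED), [MASKED, FULL]))        # original found in input
    print(get_source(split(MASKED), [MASKED], "password"))  # recomputed from password
    print(get_source(split(MASKED), [MASKED]))              # stays in 00000 form
```

A digest that genuinely begins with 00000 is indistinguishable from a zeroed one in this sketch, so it is simply returned in its canonical form.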

