Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 13 Jul 2012 12:08:16 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: XSHA_fmt_plug.c should support hashes in lower-case

On Fri, Jul 13, 2012 at 7:48 AM, Solar Designer <solar@...nwall.com> wrote:
> On Thu, Jul 05, 2012 at 03:57:27PM +0530, Dhiru Kholia wrote:
>> I tried running john on hash
>> "3e8ed8fc0c6ac6c17cb6efcbe43bf31e765f8f456b2a6500" but it wouldn't
>> accept the hash. After doing echo
>> 3e8ed8fc0c6ac6c17cb6efcbe43bf31e765f8f456b2a6500 | tr "a-z" "A-Z" >
>> newhash, john happily cracks the newhash.
>>
>> Is this by design or is it a bug / limitation?
>
> It is by design, for two reasons:
>
> 1. To have fewer false positives on this format's valid().  IIRC, these
> hashes are stored as all-uppercase on OS X.  Why is yours all-lowercase?
> Where did you get it from and how?

I didn't know that OS X stored hashes in all-uppercase.

> 2. Out of laziness, since we'd have to implement split() converting to
> all-uppercase and set FMT_SPLIT_UNIFIES_CASE to support
> non-all-uppercase hash encodings correctly.
>
> Similarly, for XSHA512 we accept only all-lowercase, although in that
> case the first reason above does not apply (the system does not store
> these hashes as hex).  Perhaps we actually need to do the split() and
> FMT_SPLIT_UNIFIES_CASE thing for XSHA512.  As to XSHA, I am not sure -
> I'd like to hear your story first.

I got the hash from hashcat forum. Not sure how the poster got them in
the first place. For now, documenting that JtR requires XSHA hashes in
upper-case is fine.

-- 
Cheers,
Dhiru

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.