Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 10 May 2015 23:32:52 +0300
From: Alexander Cherepanov <ch3root@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: displaying full meta information about hashes with
 --show=types

On 2015-05-10 21:43, Aleksey Cherepanov wrote:
> I implemented --show=types option that prints all meta information
> about hashes from file. It tries all formats against all hashes and
> prints result in machine parseable format. It applies even formats
> that are disabled. It tries generic crypt always. It respects
> --format= option. It does not bypass john's heuristics for generic
> crypt.

Cool, it will be useful in scripts for sorting and converting hashes.

And it could be useful for fuzzing...

> The format:
> Once for hash:
>    login,
>    original ciphertext,
>    uid,
>    gid,
>    gecos,
>    home,
>    shell.
> For each valid format (may be nothing):
>    label,
>    is format disabled? (1/0),

I don't know if this field is useful but if it's listed at all perhaps 
invert the meaning of it, i.e. 1 for enabled formats and 0 for disabled?

>    number of parts.

I think number of parts is not very useful and can be eliminated. Please 
see below.

>    For each part of splitted/canonical hash:
>      is it same as oringal ciphertext? (1/0),
>      canonical hash or empty string (if the format is disabled).

IMHO there is no much saving by not repeating the hash even if it's the 
same and it would be easier to drop the flag and always output the hash.

If this change is implemented an empty field could be used to separate 
formats. Then the parsing in a scripting language can be done as follows:
1) take the last char as separator;
2) extract first 7 fields as login etc.;
3) split the remaining part by double separator into a list of 
per-format info;
4) for each format split by the separator.

I Perl:

     chomp;
     s/.$//; # strip the separator char at eol...
     my $sep = $&; # ...and store it
     my ($login, $ciphertext, $uid, $gid, $gecos, $home, $shell, $etc) = 
split /\Q$sep\E/, $_, 8;
     for (split /\Q$sep$sep\E/, $etc) { # for each format
         my ($label, $enabled, @parts) = split /\Q$sep\E/;
         print "$label:";
         for (@...ts) {
             print " $_";
         }
         print "\n";
     }

-- 
Alexander Cherepanov

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ