Date: Wed, 13 May 2015 22:37:56 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Re: displaying full meta information about hashes
 with --show=types

Mathieu,

On Wed, May 13, 2015 at 01:55:11PM -0500, Mathieu Laprise wrote:
> I don't understand which fields are useful for Johnny "hash type
> suggestion/guessing".

You need format labels and maybe "is_disabled" field. See below.

> I assume there will be a new column in the password table view after hash
> in Johnny called "Type". And Johnny should write in the column format DES,
> md5 etc. Is that right?
> If the user clicks on the button "Get hash type", I'll call ../run/john --show=types
> ../../t.pw

I hope Shinnok will comment on visual appearance.

> From Aleksey's example in first post:
> 
> > Input:
> > NONE:0ed7dd550afb451ac5b94cb644310b09
> >
> If I send a file, is it something that I need to send to stdin? What does
> this input do?

The input for --show=types is the same as for johnny. So if you opened
somefile.pw then you call `john --show=types somefile.pw`.

> Output:
> >
> > NONE:0ed7dd550afb451ac5b94cb644310b09:::/:/:/::LM:0:2:0:$LM$0ed7dd550afb451a:0:$LM$c5b94cb644310b09:HAVAL-128-4:0:1:0:$haval$0ed7dd550afb451ac5b94cb644310b09:lotus5:0:1:1::MD2:0:1:1::mdc2:0:1:1::mscash:0:1:1::mscash2:0:1:1::NT:0:1:0:$NT$0ed7dd550afb451ac5b94cb644310b09:Raw-MD4:0:1:0:$MD4$0ed7dd550afb451ac5b94cb644310b09:Raw-MD5:0:1:0:$dynamic_0$0ed7dd550afb451ac5b94cb644310b09:Raw-MD5u:0:1:0:$dynamic_29$0ed7dd550afb451ac5b94cb644310b09:ripemd-128:0:1:0:$ripemd$0ed7dd550afb451ac5b94cb644310b09:Snefru-128:0:1:1::NT-old:0:1:0:$NT$0ed7dd550afb451ac5b94cb644310b09:
> >
> >
> > With breaks to describe parts:
> >
> > About hash: login, hash, ...
> > NONE:0ed7dd550afb451ac5b94cb644310b09:::/:/:/::
> >
> > By type:
> >
> >      number of parts
> >      v     hash 1                 hash 2
> > LM:0:2:0:$LM$0ed7dd550afb451a:0:$LM$c5b94cb644310b09:
> > HAVAL-128-4:0:1:0:$haval$0ed7dd550afb451ac5b94cb644310b90:
> >
> >            the canonical hash is the same as input hash
> >            | so there is empty string here
> >            v v
> > lotus5:0:1:1::
> > MD2:0:1:1::mdc2:0:1:1::
> > mscash:0:1:1::
> > mscash2:0:1:1::
> > NT:0:1:0:$NT$0ed7dd550afb451ac5b94cb644310b09:
> > Raw-MD4:0:1:0:$MD4$0ed7dd550afb451ac5b94cb644310b09:
> > Raw-MD5:0:1:0:$dynamic_0$0ed7dd550afb451ac5b94cb644310b09:
> > Raw-MD5u:0:1:0:$dynamic_29$0ed7dd550afb451ac5b94cb644310b09:
> > ripemd-128:0:1:0:$ripemd$0ed7dd550afb451ac5b94cb644310b09:
> > Snefru-128:0:1:1::
> > NT-old:0:1:0:$NT$0ed7dd550afb451ac5b94cb644310b09:
> >
> Everything in this might be wrong, I'm trying to understand by making
> hypotheses after looking at the format. First, what is the $XXXX(dynamic_0)
> thing doing before hash $0ed7dd550afb451ac5b94cb644310b0the ?

$dynamic_0$ is the tag of the format (hash type). It is a part of the hash. It is
the canonical form of the hash for this format: it will be written to
.pot (and it can be used to get the password back without a temporary
file, but that's another story). Most probably you don't need to show
the hash to the user (it may be an option then for advanced users).

> Is it
> important for johnny?

Rather no, not important now.

> Regarding the output, what does v mean?

It is an arrow pointing to a specific part of the line. It is not a part
of the output of --show=types.

> If we take
> last line for example, I think the type is NT-old but what does :0:1:0:
> stand for and is it important for our johnny feature?

The last patch contains a mistake: formats are not separated by ::, just
:, which makes it harder to parse. Please wait a bit.

The format changed a bit, but now there are 3 fields too:

A part of a line from the new output:
NT-old:0:0:1:$NT$b4c37357cccccccccccccccccccccccc

"NT-old" is the format label that can be used as an argument for the --format=
option.

Then there are 3 fields 1/0: is_disabled, is_dynamic, matches_exactly.

is_disabled means that the format was disabled through john.conf. But
it may be forced by the --format= option. Most probably such formats
should be skipped now. Maybe later it would be good to make a "format
investigation mode" in Johnny.

is_dynamic means that the format is dynamic (they are called dynamic_*
and some of them are defined in john.conf). There are a lot of dynamic
formats and by default they don't load bare hashes (i.e. without a
tag). You may ignore it now. It may be useful when the user wants to see
more possibilities, though even so the user can enable bare hashes for
dynamics and enjoy long lists of formats.

matches_exactly means that the format uses the hash in the second
field. It is not always this way: the pwdump file format is an example,
the original LM is shown in the second field, while the NT hash is not shown.
You may ignore this and the second field too: just match the format list
with the original line by number.

> Why is there line
> without hash like Snefru-128:0:1:1:: and lines with  two types
> MD2:0:1:1::mdc2:0:1:1:: (MD2 and mdc2) ?

I changed that. There should be a hash always.

Thanks!

-- 
Regards,
Aleksey Cherepanov
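
The per-format record described in the message above (label, then is_disabled, is_dynamic, matches_exactly, then the canonical hash), parsed and filtered for a "hash type" suggestion list. This is an added example, not code from the message, John the Ripper or Johnny; `parse_record` and `suggest_labels` are hypothetical names, and the records are assumed to arrive already split one per format, because the message does not show how the revised output separates them.

```python
from typing import NamedTuple

class FormatGuess(NamedTuple):
    label: str             # usable as the argument of --format=
    is_disabled: bool      # disabled through john.conf
    is_dynamic: bool       # one of the dynamic_* formats
    matches_exactly: bool  # format uses the hash in the second input field
    canonical_hash: str    # tagged form, as written to .pot

def parse_record(record: str) -> FormatGuess:
    """Parse one 'label:d:y:m:canonical' record; reject anything malformed."""
    # maxsplit=4 keeps the canonical hash whole even if it contains ':'.
    parts = record.split(":", 4)
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}: {record!r}")
    label, *flags, canonical = parts
    if not label or any(f not in ("0", "1") for f in flags):
        raise ValueError(f"bad label or flag in record: {record!r}")
    disabled, dynamic, exact = (f == "1" for f in flags)
    return FormatGuess(label, disabled, dynamic, exact, canonical)

def suggest_labels(records, hide_dynamic=False):
    """Labels to offer the user: skip disabled formats, optionally dynamics."""
    labels = []
    for record in records:
        guess = parse_record(record)
        if guess.is_disabled:
            continue  # the message suggests skipping disabled formats for now
        if hide_dynamic and guess.is_dynamic:
            continue
        if guess.label not in labels:
            labels.append(guess.label)
    return labels

# First record is quoted in the message; the other two are constructed
# for illustration (flag values are not real john output).
SAMPLE_RECORDS = [
    "NT-old:0:0:1:$NT$b4c37357cccccccccccccccccccccccc",
    "LM:1:0:0:$LM$0ed7dd550afb451a",
    "dynamic_0:0:1:1:$dynamic_0$0ed7dd550afb451ac5b94cb644310b09",
]

if __name__ == "__main__":
    print(suggest_labels(SAMPLE_RECORDS))
    print(suggest_labels(SAMPLE_RECORDS, hide_dynamic=True))
```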
