Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20160424145654.GA18168@openwall.com>
Date: Sun, 24 Apr 2016 17:56:54 +0300
From: Aleksey Cherepanov <lyosha@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: XenForo algorithm and dynamic formats

On Sun, Apr 24, 2016 at 05:50:53PM +0300, Aleksey Cherepanov wrote:
> On Sun, Apr 24, 2016 at 04:36:25PM +0200, Eddy wrote:
> > a guy requested on hashcat github an implementation of XenForo encryption
> > scheme, which follows this:
> > 
> > sha1(hexdigest (sha1(password)) .  hexdigest(salt))
> > sha256(hexdigest (sha256(password)) .  hexdigest(salt))
> > 
> > These schemes could easily be implemented using dynamic so I was wondering
> 
> They are already implemented:
> 
> dynamic_1503	sha256(sha256($p).$s) (XenForo SHA-256)
> dynamic_1502	sha1(sha1($p).$s) (XenForo SHA-1)
> 
> $ run/john --list=format-details | grep -i xenforo
> 
> > if there is any perticular will of the team whether to implement proper
> > formats for this kind of encryption schemes or to only rely on dynamic
> > formats (thus less performances)
> 
> In the scheme with sha256, sha256($p) may be lifted from loop over
> salts because the result is in hex and is long exactly as input block
> for sha256. I guess Jim's current dynamics does not catch such case,
> but it may be worth to improve it there instead of new format.

Oh, I replied to quickly: both sha256($p) and sha1($p) may be lifted
and it looks like dynamics handle it:

$ john '--format=dynamic=sha1(sha1($p).$s)' --test=5
Benchmarking: dynamic=sha1(sha1($p).$s) [128/128 SSE4.1 4x1]... DONE
Many salts:	7520K c/s real, 7520K c/s virtual
Only one salt:	2767K c/s real, 2767K c/s virtual

$ john '--format=dynamic=sha1($p.$s)' --test=5
Benchmarking: dynamic=sha1($p.$s) [128/128 SSE4.1 4x1]... DONE
Many salts:	5111K c/s real, 5122K c/s virtual
Only one salt:	4600K c/s real, 4600K c/s virtual

But with sha256($p), it is possible to lift the first limb of outer
sha256.

> More comments?

Thanks!

-- 
Regards,
Aleksey Cherepanov

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.