[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 7 Apr 2012 03:04:26 +0400
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: zero-salted sha1 (mac os x 10.4 hash) cracking
Hi,
I was hoping someone else would respond. ;-)
On Thu, Apr 05, 2012 at 05:50:29AM +0000, asdf asdf wrote:
> Hello,I have a small question about John the Ripper. I have a hash of a password in Mac OS X 10.4 (so it's zero-salted sha1, meaning the first 8 characters are the salt and are all 0). How do I get John to crack this?
It should be correctly autodetected by any version of John that supports
those hashes - such as jumbo or JtR Pro. You don't need to do anything
special for this to happen.
> I tried SHA1p with an added salt, but it didn't recognise it.
Indeed. Mac OS X hashes use a binary salt of a fixed size. The correct
JtR "format" for hashes used by 10.4 through 10.6 is called XSHA, but
you don't need to specify it explicitly (although you may). The $SHA1p$
hash encoding prefix is recognized by the sha1-gen format, which is
similar, except that it uses variable-length ASCII salts.
> Without specifying a salt, it did recognise it as "password hash (Mac OS X 10.4 - 10.6 salted SHA-1 [32/64])",
That's right.
> but since I got the salt, it would be a lot quicker if I could specify it, right?
No, it extracted the salt from your 48-char string already.
> So my question is: Can I specify a salt for Mac OS X passwords? If so how, if not, what would be a workaround.
You've already specified the salt in that 48-char string. You don't
need to do anything else about that.
I hope this helps.
Alexander
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux -
Powered by OpenVZ
