Products Openwall GNU/*/Linux   server OS John the Ripper   password cracker Free & Open Source for any platform Pro for Linux (RPM package) Pro for Mac OS X (dmg package) Wordlists   for password cracking passwdqc   policy enforcement phpass   password hashing in PHP crypt_blowfish   ditto in C/C++ tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login Services Publications Articles Presentations Community Mailing lists Community wiki Donations Resources Source code repository (CVSweb) File archive & mirrors How to verify digital signatures Password recovery resources Recommended books What's new

Date: Wed, 6 Jun 2012 11:05:02 -0700 (PDT)
From: NeonFlash <psykosonik_frequenz@...oo.com>
To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com>
Subject: Re: Salted Sha-1 Quetsions

Hi,

Yes, SHA1 hashes are case sensitive. They differentiate between lower case and upper case characters.

JTR does handle salted SHA1 hashes. For instance, if you are talking about hashes of the following type:

sha1($s, $p)
sha1($p, $s)

then yes it does support.

you can run the following command to check for all the subformats supported by it:

john --subformat=LIST | findstr "sha"

Format = dynamic_22  type = dynamic_22: md5(sha1($p))
Format = dynamic_23  type = dynamic_23: sha1(md5($p))
Format = dynamic_24  type = dynamic_24: sha1($p.$s) <--- salted
Format = dynamic_25  type = dynamic_25: sha1($s.$p) <--- salted
Format = dynamic_26  type = dynamic_26: sha1($p) raw-sha1


You could also try the sha1-gen format option available.

john --format=sha1-gen -w:wordlist.txt hashes.txt

You need to format your hash file in a specific format for that. Yes, increasing the length of the candidate passwords by even one character especially for lengths greater than 8 can significantly increase the time required to try all the candidate passwords in the attack.


________________________________
 From: . . <topfirsthill@...mail.com>
To: john-users@...ts.openwall.com 
Sent: Wednesday, June 6, 2012 11:12 PM
Subject: [john-users] Salted Sha-1 Quetsions
 

I'm just getting my feet wet here and have a couple of questions... Are Sha-1 hashes case-sensitive?  I've been running JTR for a couple days now, and just realized I used lower-case letters where the Hash was actually in all-caps. Does JTR handle salted sha-1 hashes well? It's been two days, and JTR seems to be on passwords up to 8 char...  Does this mean adding just one other character will cause the crack time to increase to months? Thanks!                           

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ