Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 23 Nov 2015 05:48:55 +0300
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: hash type identification

On Sun, Nov 22, 2015 at 08:57:59PM -0500, Rich Rumble wrote:
> On Sun, Nov 22, 2015 at 7:38 PM, Solar Designer <solar@...nwall.com> wrote:
> > Somehow people are developing scripts like this:
> >
> > http://www.smeegesec.com/2013/11/hashtag-password-hash-identification.html
> > https://github.com/sam-b/HashData
> > https://code.google.com/p/hash-identifier/
> > https://github.com/JoeGlancy/whatisit
> >
> > The latest one of these is just a day old.  I wonder what causes this.
> > Do people feel there's functionality missing?  Or do they prefer a
> > pure scripting language solution, without a dependency on JtR?

> Contest's I've been in that don't specify the format, or dumps I've
> found JtR gives you 5 or more choices in some cases and it's difficult
> to figure out which one to try all your efforts on. The
> Hash-Identifier can help, but you can still have 2-3 after it guesses.

I don't see how any of these scripts can be any better than JtR at
reducing the number of guesses, short of through being unaware of some
of the possibilities (which actually makes them worse) or through
actually cracking some of the passwords (which they currently don't).

> > http://openwall.info/wiki/john/hash-formats

> The Pentestmonkey cheat-sheet actually inspired me to make that page.
> I have not contributed to it in a long time, and I didn't know what to
> do with it at the time.

> > To me, the hash-formats wiki page doesn't make much sense: it starts by
> > describing the file format, and proceeds with detail on a weird subset
> > of the hash types.  I think it'd make more sense to have a wiki page on
> > the file format only, with links to the sample (non-)hash pages.  Maybe
> > one (or more) of us will correct this.

> I can certainly split out the hashes or file formats into other pages,
> but I like having them on one, perhaps I can better delineate the page
> with a index/headings. I started with the hashes I knew best or had
> the best documentation in their "test" routines or readme.

Thank you for explaining this.

To me, only the initial portion of this page - describing the file
format and JtR's behavior - looks useful to JtR users.  The rest looks
more confusing and specialized than useful to people that might stumble
upon this wiki page.  (It's perfectly fine as your personal notes, for
your own use.)  I recommend simply dropping everything below the "NOTE:"
line, and replacing it with links to our sample-hashes and
sample-non-hashes pages.  You may then add a few entries to those pages,
as well as a link from them to this page on the file format.  And yes,
headings are needed.

Alexander

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.