Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 29 Sep 2017 23:58:57 +0200
From: Solar Designer <solar@...nwall.com>
To: john-users@...ts.openwall.com
Subject: Re: RFC: Hashkiller Rosetta Stone

On Fri, Sep 29, 2017 at 07:20:31AM -0800, Royce Williams wrote:
> I'm working on a Hashkiller Rosetta Stone (a list of upload formats
> supported by Hashkiller, and how to use those modes in hashcat, john, and
> MDXfind.)
> 
> A draft is here:
> 
> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757
> 
> Any help/tips appreciated. I don't know the underlying algorithm of many
> product-specific formats, so I'm almost certainly missing some obvious ones.

It'd help if you list example hashes, preferably all for a fixed
password like "password", so that you don't need to list the
corresponding different plaintext passwords as well.

JtR supports command-line dynamic formats now (and has been for a couple
of years, due to work by Jim), so most if not all of your "unsupported"s
are actually supported at least in this way.

Those command-line dynamics typically allow for a higher password
length, too.  For example, when experimenting with Update 2 from
https://haveibeenpwned.com/Passwords I found that "--external=Repeats"
cracks plenty of passwords of lengths up to 109 (and I've just tested
that it cracks 110 too, but not 111 - as expected) with
"--format=dynamic='sha1($p)'", whereas "--format=raw-sha1" only goes up
to length 55 (also as expected).

> My future ambition is to expand this concept to be a Rosetta Stone for the
> superset of all formats supported by any known product. Small steps first.
> :)

Cool.  With JtR's command-line dynamics, its list of supported formats
is sort of "infinite", though. ;-)  But I guess you'll list only those
actually seen in use somewhere.

BTW, I found that the command-line dynamics are much easier to use than
having to remember the old numeric dynamics.

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ