Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 30 Sep 2017 00:29:42 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: RFC: Hashkiller Rosetta Stone

On 2017-09-29 17:13, Royce Williams wrote:
> I'm working on a Hashkiller Rosetta stone (list of upload formats supported
> by Hashkiller, and how to use those modes in hashcat, john, and MDXfind.
> 
> A draft is here:
> 
> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757
> 
> Any help/tips appreciated. I don't know the underlying algorithm of many
> product-specific formats, so I'm almost certainly missing some obvious ones.
> 
> My future ambition is to expand this concept to be a Rosetta Stone for the
> superset of all formats supported by any known product. Small steps first.
> :)

Most formats consisting of a combination of simple primitives, like 
'md5(md5($pass).md5($salt))' are possible in JtR on CPU using the 
"dynamic compiler" format. That very example would be written like this:

$ ../run/john -test -form:dynamic='md5(md5($pass).md5($salt))'
Benchmarking: dynamic=md5(md5($p).md5($s)) [128/128 AVX 4x3]... DONE
Many salts:	12448K c/s real, 12573K c/s virtual
Only one salt:	5458K c/s real, 5404K c/s virtual

It can do many crazy combinations that is (probably) not used anywhere:

$ ../run/john -test -form:dynamic='sha1(md5(md4($pass).$salt))'
Benchmarking: dynamic=sha1(md5(md4($p).$s)) [128/128 AVX 4x1]... DONE
Many salts:	5816K c/s real, 5816K c/s virtual
Only one salt:	5340K c/s real, 5340K c/s virtual

Sometimes it's not very fast, but it's always there - very handy. Note 
that any time there is a dedicated format for your need, you can bet 
that one is faster, and sometimes a LOT faster, than this "dynamic 
compiler" stuff.


On another note, I'd add input syntax (or sample hashes) to the Rosetta 
Stone if I were you. Sometimes they differ, especially in how/where you 
specify the salt. Hashcat uses hash:salt while JtR never EVER has a ':' 
within a ciphertext (it's impossible, by design, and that makes the pot 
file unambigous).
Sometimes the various crackers also differ in whether they want the salt 
as plaintext or hexified, and (if plaintext) they might have different 
ways to hex-escape stuff (eg. hashcat $HEX[cafe] vs. JtR $HEX$cafe)


Cheers,
magnum

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ