Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 29 Sep 2017 16:18:53 -0800
From: Royce Williams <royce@...ho.org>
To: john-users@...ts.openwall.com
Subject: Re: RFC: Hashkiller Rosetta Stone

(Apologies for the duplicate post; I've arbitrarily picked the other one:

http://www.openwall.com/lists/john-users/2017/09/29/6

... as the "real" one, and will tie this thread off)

On Fri, Sep 29, 2017 at 2:29 PM, magnum <john.magnum@...hmail.com> wrote:

> On 2017-09-29 17:13, Royce Williams wrote:
>
>> I'm working on a Hashkiller Rosetta stone (list of upload formats
>> supported
>> by Hashkiller, and how to use those modes in hashcat, john, and MDXfind.
>>
>> A draft is here:
>>
>> https://gist.github.com/roycewilliams/28a9e940e7cd37268ceeac4962bda757
>>
>> Any help/tips appreciated. I don't know the underlying algorithm of many
>> product-specific formats, so I'm almost certainly missing some obvious
>> ones.
>>
>> My future ambition is to expand this concept to be a Rosetta Stone for the
>> superset of all formats supported by any known product. Small steps first.
>> :)
>>
>
> Most formats consisting of a combination of simple primitives, like
> 'md5(md5($pass).md5($salt))' are possible in JtR on CPU using the "dynamic
> compiler" format. That very example would be written like this:
>
> $ ../run/john -test -form:dynamic='md5(md5($pass).md5($salt))'
> Benchmarking: dynamic=md5(md5($p).md5($s)) [128/128 AVX 4x3]... DONE
> Many salts:     12448K c/s real, 12573K c/s virtual
> Only one salt:  5458K c/s real, 5404K c/s virtual
>
> It can do many crazy combinations that is (probably) not used anywhere:
>
> $ ../run/john -test -form:dynamic='sha1(md5(md4($pass).$salt))'
> Benchmarking: dynamic=sha1(md5(md4($p).$s)) [128/128 AVX 4x1]... DONE
> Many salts:     5816K c/s real, 5816K c/s virtual
> Only one salt:  5340K c/s real, 5340K c/s virtual
>
> Sometimes it's not very fast, but it's always there - very handy. Note
> that any time there is a dedicated format for your need, you can bet that
> one is faster, and sometimes a LOT faster, than this "dynamic compiler"
> stuff.
>

Indeed. As noted in the other thread, I will try to make that clear in the
table somehow when I move it from a gist to something more durable.


> On another note, I'd add input syntax (or sample hashes) to the Rosetta
> Stone if I were you. Sometimes they differ, especially in how/where you
> specify the salt. Hashcat uses hash:salt while JtR never EVER has a ':'
> within a ciphertext (it's impossible, by design, and that makes the pot
> file unambigous).
> Sometimes the various crackers also differ in whether they want the salt
> as plaintext or hexified, and (if plaintext) they might have different ways
> to hex-escape stuff (eg. hashcat $HEX[cafe] vs. JtR $HEX$cafe)
>

Yes, syntax would be key for a Rosetta Stone! I do intend to make sure to
include it. Making it directly verifiable by example is the best way to
ensure that people can be confident in the accuracy.

Thanks!

Royce

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ