Date: Fri, 29 Sep 2017 16:18:53 -0800
From: Royce Williams <>
Subject: Re: RFC: Hashkiller Rosetta Stone

(Apologies for the duplicate post; I've arbitrarily picked the other one:

... as the "real" one, and will tie this thread off)

On Fri, Sep 29, 2017 at 2:29 PM, magnum <> wrote:

> On 2017-09-29 17:13, Royce Williams wrote:
>> I'm working on a Hashkiller Rosetta stone (list of upload formats supported
>> by Hashkiller, and how to use those modes in hashcat, john, and MDXfind).
>> A draft is here:
>>
>> Any help/tips appreciated. I don't know the underlying algorithm of many
>> product-specific formats, so I'm almost certainly missing some obvious
>> ones.
>>
>> My future ambition is to expand this concept to be a Rosetta Stone for the
>> superset of all formats supported by any known product. Small steps first.
>> :)
>
> Most formats consisting of a combination of simple primitives, like
> 'md5(md5($pass).md5($salt))' are possible in JtR on CPU using the "dynamic
> compiler" format. That very example would be written like this:
>
> $ ../run/john -test -form:dynamic='md5(md5($pass).md5($salt))'
> Benchmarking: dynamic=md5(md5($p).md5($s)) [128/128 AVX 4x3]... DONE
> Many salts:     12448K c/s real, 12573K c/s virtual
> Only one salt:  5458K c/s real, 5404K c/s virtual
>
> It can do many crazy combinations that are (probably) not used anywhere:
>
> $ ../run/john -test -form:dynamic='sha1(md5(md4($pass).$salt))'
> Benchmarking: dynamic=sha1(md5(md4($p).$s)) [128/128 AVX 4x1]... DONE
> Many salts:     5816K c/s real, 5816K c/s virtual
> Only one salt:  5340K c/s real, 5340K c/s virtual
>
> Sometimes it's not very fast, but it's always there - very handy. Note
> that any time there is a dedicated format for your need, you can bet that
> one is faster, and sometimes a LOT faster, than this "dynamic compiler"
> stuff.

Indeed. As noted in the other thread, I will try to make that clear in the
table somehow when I move it from a gist to something more durable.

> On another note, I'd add input syntax (or sample hashes) to the Rosetta
> Stone if I were you. Sometimes they differ, especially in how/where you
> specify the salt. Hashcat uses hash:salt while JtR never EVER has a ':'
> within a ciphertext (it's impossible, by design, and that makes the pot
> file unambiguous).
>
> Sometimes the various crackers also differ in whether they want the salt
> as plaintext or hexified, and (if plaintext) they might have different ways
> to hex-escape stuff (e.g. hashcat $HEX[cafe] vs. JtR $HEX$cafe)

Yes, syntax would be key for a Rosetta Stone! I do intend to make sure to
include it. Making it directly verifiable by example is the best way to
ensure that people can be confident in the accuracy.
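
Added example, not part of either poster's message: a Python sketch that builds a verifiable test vector for md5(md5($pass).md5($salt)), lays it out as hash:salt, and decodes the two hex-escape notations quoted above. The function names and the sample password and salt are constructed for illustration; the inner digests are assumed to be joined as lowercase hex text.

```python
import hashlib
import re

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def md5_md5pass_md5salt(password, salt):
    # md5(md5($pass).md5($salt)): the inner digests are concatenated as
    # lowercase hex text and that text is hashed again.
    return md5_hex((md5_hex(password) + md5_hex(salt)).encode("ascii"))

def hash_salt_line(digest, salt):
    # hash:salt layout, as the thread describes for hashcat.
    return "%s:%s" % (digest, salt)

def split_hash_salt(line):
    # The digest is pure hex, so the FIRST ':' is the separator and any
    # later ':' belongs to the salt. Splitting on the last ':' would
    # silently truncate such a salt.
    digest, sep, salt = line.partition(":")
    if not sep or not re.fullmatch(r"[0-9a-f]{32}", digest):
        raise ValueError("expected <32 hex chars>:<salt>")
    return digest, salt

_HEX_FORMS = (
    re.compile(r"\$HEX\[([0-9a-fA-F]*)\]"),  # hashcat style: $HEX[cafe]
    re.compile(r"\$HEX\$([0-9a-fA-F]*)"),    # JtR style:     $HEX$cafe
)

def decode_hex_escape(token):
    # Accept either notation; anything else is treated as literal text.
    for pattern in _HEX_FORMS:
        match = pattern.fullmatch(token)
        if match:
            return bytes.fromhex(match.group(1))  # ValueError on odd length
    return token.encode("utf-8")

def hex_escape(raw, style):
    # Render the same bytes in either tool's notation.
    return "$HEX[%s]" % raw.hex() if style == "hashcat" else "$HEX$" + raw.hex()

if __name__ == "__main__":
    password, salt = b"password", "sa:lt"  # constructed sample values
    line = hash_salt_line(md5_md5pass_md5salt(password, salt.encode()), salt)
    print(line)
    print(split_hash_salt(line))
    print(hex_escape(salt.encode(), "hashcat"), hex_escape(salt.encode(), "jtr"))
```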


