Date: Fri, 8 Jun 2012 10:45:31 -0500 From: "jfoug" <jfoug@....net> To: <john-dev@...ts.openwall.com> Subject: RE: Was: RE: [john-users] JtR to process the LinkedIn hash dump I believe this version (patches into magnum-jumbo), fixes the problem. Now if there are 0000003ced2802e237e597f6a9d14e963206d6c3 122b603ced2802e237e597f6a9d14e963206d6c3 JtR will only internally work with one hash. It will always write this one: 122b603ced2802e237e597f6a9d14e963206d6c3 To the .pot file. Also, if ONLY 0000003ced2802e237e597f6a9d14e963206d6c3 existed in the input file, then it would be cracked properly, and 122b603ced2802e237e597f6a9d14e963206d6c3 would be written out to the .pot. The loader code, also properly removes both 00000... and 122b6... if 122b603ced2802e237e597f6a9d14e963206d6c3 is in the .pot file. Note, this DOES require get_source to return a possibly different string than the split(). This is 'against' the assertion rules. This was causing self tests to fail, IF there were any of the 00000 hashes in self test strings, so they simply have been removed. Now, self test passes, since we are not breaking the assertion ourselves, and the format properly handles ALL strings. In this format, we 'could' remove the raw-sha1_LI, and simply change raw-sha1 to behave like this. It still tests 128 bits of the hash, and works exactly the same (same .pot, same loader removals, and internal dupe logic), BUT it allows these smashed LinkedIn hashes to also load. I have not done it this way right now, but it is something we 'could' do. This patch patches right to the jumbo-bleeding git, as long as magnum has not yet updated it. Ok, here are 2 runs, one with the newest of code, and one with prior version (but with the 00000's in the hash). The prior version did NOT unify the hashes, and did not reconstruct the proper hash. ./johnb2 -inc:digits -nolog -pot=johnb2.pot -form=raw-sha1_LI combo_not.txt Loaded 5787239 password hashes with no different salts (Raw SHA-1-LI [SSE2 4x]) .... guesses: 179810 time: 0:00:00:37 DONE (Fri Jun 8 10:41:34 2012) c/s: 16934G trying: 83536781 - 83536784 Warning: passwords printed above might not be all those cracked Use the "--show" option to display all of the cracked passwords reliably ./johnb -inc:digits -nolog -pot=johnb.pot -form=raw-sha1_LI combo_not.txt Loaded 6458020 password hashes with no different salts (Raw SHA-1-LI [SSE2 4x]) .... guesses: 179810 time: 0:00:00:47 DONE (Fri Jun 8 10:43:29 2012) c/s: 14916G trying: 83536781 - 83536784 Use the "--show" option to display all of the cracked passwords reliably NOTE, that only 5787239 were loaded on this version, compared with 6458020 (which is the count in the input file), on the older version. This means there are 670781 'dupes' in the hash file. With the new patch, these all get cracked together (well, each 'pair' will get cracked together). Jim. Download attachment "raw-sha1_LI_fix-v2.diff" of type "application/octet-stream" (7283 bytes)
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.