Date: Tue, 24 Jul 2012 01:19:37 +0400 From: Alexander Cherepanov <cherepan@...me.ru> To: john-dev@...ts.openwall.com Subject: Re: mscash2 / hmac-md5 ambiguity On 2012-07-23 14:46, magnum wrote: > On 2012-07-23 11:47, Alexander Cherepanov wrote: >> mscash2 hashes in their canonical form are nevertheless accepted as >> hmac-md5: >> >> $ cat mscash2.john >> chatelain:$DCC2$10240#chatelain#e4e15fdfafc8e715da9edec3611bfbff >> $ john mscash2.john >> Warning: detected hash type "mscash2", but the string is also recognized >> as "hmac-md5" >> Use the "--format=hmac-md5" option to force loading these as that type >> instead >> Loaded 1 password hash (M$ Cache Hash 2 (DCC2) PBKDF2-HMAC-SHA-1 >> [128/128 SSE2 intrinsics 8x]) >> guesses: 0 time: 0:00:00:02 0.00% (2) c/s: 339 trying: 123456 - abc123 >> Session aborted >> $ john --format=hmac-md5 mscash2.john >> Loaded 1 password hash (HMAC MD5 [128/128 SSE2 intrinsics 12x]) >> guesses: 0 time: 0:00:00:02 0.00% (3) c/s: 1120K trying: 123man - 123mah >> Session aborted >> >> IMHO that's not very good. > > It was much worse until we forced hmac-md5 to lower precedence than > mscash. Now it is just cosmetic. That hash *is* a valid hmac-md5 hash, > with a salt of "$DCC2$10240#chatelain". Were these forms chosen for compatibility with other tools? I mean it's a pity to have a special, canonical form for a hash which clashes with other formats. On a more practical note, this means that you cannot build a robust system to run john for different kinds of hashes without --format. In a contest we get some hashes, determine their format and sort them into files named after formats. For me that's enough -- with it I can do things like that: for file in *.john; do format=`basename "$file" .john` john ... --format="$format" "$format.john" done But, as Frank pointed out, it's better if --format is not required -- less chances that a user will forget it. Probably we can ignore it until we actually meet hmac-md5. > We can stop this by > black-listing certain format salts. That's OK with me but in some way > it's a flawed path. Agreed. -- Alexander Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.