Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue, 1 Jan 2013 23:30:09 +0100
From: Frank Dittrich <frank_dittrich@...mail.com>
To: john-dev@...ts.openwall.com
Subject: Re: A few questions regarding the newly added BLAKE2 format

On 01/01/2013 10:48 PM, magnum wrote:
> On 1 Jan, 2013, at 21:56 , Frank Dittrich <frank_dittrich@...mail.com> wrote:
>> On 01/01/2013 09:12 PM, magnum wrote:
>>> My personal opinion is that we should definitely accept untagged hashes, of course provided that the length and charset is correct. We have this very good feature where John tells us what formats could be using the hash. To make an input file automatically pick a certain format, add tags in the file with a trivial sed one-liner. Or just supply the --format option. On a related note, I think we should always add tags to john.pot (and this format do) unless the hash format is odd enough to be easily recognized even with future in mind. I'd really like to hear other's opinions too, including but not limited to Solar. And the john-users crowd too btw.
>>
>> My main concern here is that, especially with plugged-in-formats, you
>> never know how the sequence of formats will be changes, so that hashes
>> which now are treated as raw-sha512, will tomorrow be treated as
>> something different (e.g., BLAKE2).
> 
> I'm not sure this is really a problem and if it is, I do not think rejecting raw hashes is a good solution at all. Note that if you have an old session that auto-picked raw-sha512 it will have the --format=raw-sha512 syntethically added to the .rec file so a resumed session will *not* have any problems. This is an important feature, already implemented.
> 
> What we could do if you insist, is force raw-sha512 to load before blake.
I do not insist. I am just unsure what the best solution is.
Knowing what formats *could* possibly crack a given hash also is an
important feature.
May be you are right, and it is more important to let the user know that
there are possibly more formats which could crack a given hash than
allowing him not to specify --format=, and still expect a raw hash to be
treated as raw-sha512.

>  Either by renaming one of the source files so the plugin globbing will put them in a different order, or by making raw-sha512 a non-plugin.

No, spending/causing effort for such crude workarounds is not what I
wanted, although, in this particular case it might be a bit unfortunate
that BLAKE2 would grab raw-sha512 hastes, even if BLAKE2 probably isn't
really used as a password hash function.
There might be users who will complain on john-users when they are not
longer able to crack raw-sha512 hashes if they forget the --format switch.

May be this really should have been discussed on john-users as well, so
tomorrow I'll try to get this discussed on john-users.

As developers, we could adjust at least some of the test vectors, adding
the "$SHA512$" prefix, plus a comment which indicates that this prefix
should be added to the raw hashes to make sure raw-sha512 format is used
to crack these hashes.

Instead of mentioning each individual raw format in a doc file, and
creating a raw<something>2john binary or script for each individual raw
format, may be a more general tool could be helpful.

This tool (probably a symbolic link to john, to reuse core john
functionality as well as format specific functions) should allow to read
an input file (or stdin), and extract all input lines with hashes that
are treated as valid by a given format, replacing the input hash with
the canonical hash representation before writing the line to stdout.

E.g.,
./extract-hashes --format=raw-sha512 < in-file > out-file

Doing this might not be trivial, because we could run into issues
similar to those we have with --show=LEFT (suppressing multiple lines
with the same hash...)

Frank

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.