Date: Sun, 24 Apr 2016 17:56:54 +0300 From: Aleksey Cherepanov <lyosha@...nwall.com> To: john-dev@...ts.openwall.com Subject: Re: XenForo algorithm and dynamic formats On Sun, Apr 24, 2016 at 05:50:53PM +0300, Aleksey Cherepanov wrote: > On Sun, Apr 24, 2016 at 04:36:25PM +0200, Eddy wrote: > > a guy requested on hashcat github an implementation of XenForo encryption > > scheme, which follows this: > > > > sha1(hexdigest (sha1(password)) . hexdigest(salt)) > > sha256(hexdigest (sha256(password)) . hexdigest(salt)) > > > > These schemes could easily be implemented using dynamic so I was wondering > > They are already implemented: > > dynamic_1503 sha256(sha256($p).$s) (XenForo SHA-256) > dynamic_1502 sha1(sha1($p).$s) (XenForo SHA-1) > > $ run/john --list=format-details | grep -i xenforo > > > if there is any perticular will of the team whether to implement proper > > formats for this kind of encryption schemes or to only rely on dynamic > > formats (thus less performances) > > In the scheme with sha256, sha256($p) may be lifted from loop over > salts because the result is in hex and is long exactly as input block > for sha256. I guess Jim's current dynamics does not catch such case, > but it may be worth to improve it there instead of new format. Oh, I replied to quickly: both sha256($p) and sha1($p) may be lifted and it looks like dynamics handle it: $ john '--format=dynamic=sha1(sha1($p).$s)' --test=5 Benchmarking: dynamic=sha1(sha1($p).$s) [128/128 SSE4.1 4x1]... DONE Many salts: 7520K c/s real, 7520K c/s virtual Only one salt: 2767K c/s real, 2767K c/s virtual $ john '--format=dynamic=sha1($p.$s)' --test=5 Benchmarking: dynamic=sha1($p.$s) [128/128 SSE4.1 4x1]... DONE Many salts: 5111K c/s real, 5122K c/s virtual Only one salt: 4600K c/s real, 4600K c/s virtual But with sha256($p), it is possible to lift the first limb of outer sha256. > More comments? Thanks! -- Regards, Aleksey Cherepanov
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.