Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 5 Feb 2012 13:08:34 +0100
From: A BC <>
Subject: DES - not "traditional DES-based" - (VNC hash) with JtR


I'm a new user of this mailing list, because I have a question I don't find
an answer to : is there a way to use JtR against DES 'hashes', where :
- you know the data to encrypt (challenge)
- you know the data when encrypted (challenge response, server side)
- you search the DES-password that was used to encrypt the data.

It is a way to authenticate with VNC ( page 14), which is reputed weak.
So I search how easily it can be efficiently broken, but I am very
surprised I did not find any answer to that. Maybe I searched wrongly, but
all my searched are driven by the well known UNIX traditional DES-based
salted hash.

So, I wish to use JtR for its mangling rules, wordlists capabilities, (and
maybe for its efficiency) but I can't find a way to make it do what I want.
I have searched in the community resources (,
in the most useful mailing lists posts (, I have searched in
the direction of "How to use the 'dynamic' format within john"
(jtr179j5/doc/DYNAMIC.txt) but I did not found what I want "DES($s,$p)", I
searched in tutorials (, and I
tried to look at patches (,
but no keywords matched, nor with our best friend ggl...

I am thinking about how JtR implements its algorithms, but it seems very
Otherwise, I am think about using JtR to generate the pwd to stdout, which
I would pipe into a Python soft using PyCrypto, but I don't know if the
pipes will react well to millions of pwds (will they stack ? will JtR wait
for the stdout be emptied by the Python script ?).

Is there something I missed ? Is there a solution better than another ? I
can code in C under Win/Linux, Python, ...

Thank you

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.