Date: Sun, 24 Jun 2012 22:34:46 +0200
From: newangels newangels <>
Subject: Re: SSHA / SHA256 BASE64 on 1.79-5

Hello Stephen,

Thanks a lot for your reply & analysis.

Here is the answer about my computers' profile.

1/ Computers: (MacPro & MacBook Pro, SSD etc... Quad Xeons & i7)

2/ OS = Mac OS X Lion (latest version)

3/ JtR = 1.7.9-5 JUMBO (from Erik Winkler's compilation + another one by me)

After some tries, I think SSHA was removed in this new version by the devs, no?
(because I remember that with a past version I could run --format=SSHA here, no?)

./john --format=ssha --test

= Unknown ciphertext format name requested

Ok, I tried to run with your decoded one & it seems to work with this syntax:

./john --format=salted-sha1 hashe.txt
Loaded 1 password hash (Salted SHA-1 [SSE2i 8x])

One concern: what I know about this hash is that it is a SHA256 Base64, so
how can it be interpreted by john as a salted SHA1? Does that format
take the SHA256 even salted & encoded??

Anyway, I tried to run it this way, so...

new-host:run xxxx$ ./john --format=salted-sha1 --test
Benchmarking: Salted SHA-1 [SSE2i 8x]... DONE
Many salts:	14064K c/s real, 14064K c/s virtual
Only one salt:	12414K c/s real, 12414K c/s virtual

Ok, in case this is the way to go, can you please give me the trick
for decoding this list of hashes so that they run properly, because
I have a big amount of them; maybe a Python or Perl script exists?

Thanks again for your help & time,



2012/6/24, Stephen John Smoogen <>:
> On 24 June 2012 10:23, donovan <> wrote:
>> Hello all,
>> I have some trouble finding the correct syntax for a SHA256 BASE64
>> hash.
>> The hash:
>> 00CSqo60oi0+VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ=
>> So I did some searching and it seems it is now identified as:
>> "ssha – Netscape LDAP SSHA"
>> So I added {SSHA} at the start of the hash
>> & ran ./john hashe.txt
>> & I got this error:
>> ***************
>> unknown salt size for {SSHA}00CSqo60oi0+VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ=
>> (total len=50)
>> Segmentation fault: 11
> Ok the segmentation fault looks bad. I don't think I can help with that
> part. What will be needed though is:
> What version of John
> What OS
> What hardware
> After that I was looking at the item, and I don't know if it is
> actually SSHA because it is a LOT longer than the SSHA strings I
> found in the source code.
> 00CSqo60oi0+VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ=
> Qc9OB+aEFA/mJ5MNy0AB4hRIkNiAbqDb
> YbB2R1D2AlzYc9wk/YPtslG7NoiOWaoMOztLHA==
> This leads me to believe that if that is actually a SSHA then there are
> extra items in it.
> Doing a base64 decode of the string gave me a bunch of binary data but
> a -> in the string. So.. try
> {SSHA}VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ=
> which isn't in any of my dictionaries but does not cause john to crap
> out so hopefully I pulled the string at the right point.
> --
> Stephen J Smoogen.
> "The core skill of innovators is error recovery, not failure avoidance."
> Randy Nelson, President of Pixar University.
> "Years ago my mother used to say to me,... Elwood, you must be oh
> so smart or oh so pleasant. Well, for years I was smart. I
> recommend pleasant. You may quote me."  —James Stewart as Elwood P. Dowd
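
Added example, not part of the original thread or of John the Ripper: a Python sketch that base64-decodes the hash strings quoted above and lists which digest-plus-salt layouts fit the decoded length. It assumes the digest-then-salt layout used by salted LDAP schemes such as {SSHA}; the function names and the table of digest sizes are choices made for this example.

```python
import base64
import re

# Raw digest sizes in bytes. Assumption of this example: a salted LDAP-style
# value is base64(digest || salt), so the salt is whatever follows the digest.
DIGEST_SIZES = {"MD5": 16, "SHA-1": 20, "SHA-256": 32, "SHA-512": 64}

# Strings quoted in the thread above.
PAGE_HASH = "00CSqo60oi0+VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ="
TRIMMED_HASH = "{SSHA}VzbLjsWo/m65VNj16CF7jW6RqXyQHpQ="

_HASH_RE = re.compile(r"(?:\{([A-Za-z0-9-]+)\})?([A-Za-z0-9+/]+={0,2})")


def decode_hash(text):
    """Return (scheme tag or None, decoded bytes) for an optionally tagged hash."""
    m = _HASH_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("not a base64 hash string: %r" % text)
    # validate=True rejects stray characters; bad padding raises binascii.Error,
    # which is a ValueError subclass.
    return m.group(1), base64.b64decode(m.group(2), validate=True)


def candidate_layouts(text):
    """List every (algorithm, salt length) consistent with the decoded length."""
    _, raw = decode_hash(text)
    return [(name, len(raw) - size)
            for name, size in DIGEST_SIZES.items() if len(raw) >= size]


def split_salted(text, algorithm):
    """Split the decoded bytes into (digest, salt) for one chosen algorithm."""
    _, raw = decode_hash(text)
    size = DIGEST_SIZES[algorithm]
    if len(raw) < size:
        raise ValueError("%d bytes is too short for %s" % (len(raw), algorithm))
    return raw[:size], raw[size:]


if __name__ == "__main__":
    for sample in (PAGE_HASH, TRIMMED_HASH):
        tag, raw = decode_hash(sample)
        print(sample, "tag=%s" % tag, "%d bytes" % len(raw))
        for name, salt_len in candidate_layouts(sample):
            print("   %-8s digest + %d-byte salt" % (name, salt_len))
```

The 44-character string decodes to 32 bytes, which fits an unsalted SHA-256 digest as well as a SHA-1 digest followed by a 12-byte salt, so the length alone cannot tell the two apart.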
